Dark, Dank & Dangerous
Customer service software provider Zendesk announced a security breach that allowed attackers into its system, where they could access data from three customers this week. Wired learned those three clients were Twitter, Pinterest and Tumblr. The San Francisco-based company announced the breach in a blog post published early Thursday night. Tumblr notified affected users in an email at approximately 6:35 p.m. PST; Twitter and Pinterest are expected to do so shortly.
The Cyber Intelligence Sharing and Protection Act (CISPA) is a proposed law in the United States which would allow for the sharing of Internet traffic information between the U.S. government and certain technology and manufacturing companies. The stated aim of the bill is to help the U.S. government investigate cyber threats and ensure the security of networks against cyberattack. [1] CISPA has been criticized by advocates of Internet privacy and civil liberties, such as the Electronic Frontier Foundation, the American Civil Liberties Union, and Avaaz.org. Those groups argue CISPA contains too few limits on how and when the government may monitor a private individual’s Internet browsing information.
A multinational security firm has secretly developed software capable of tracking people's movements and predicting future behaviour by mining data from social networking websites. A video obtained by the Guardian reveals how an "extreme-scale analytics" system created by Raytheon, the world's fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare. Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.
Ubuntu ships Pidgin but does not update it after a release (except for security issues and high-severity bugs). For those users who desire new releases of Pidgin, we have packaged Pidgin in a PPA. If you encounter problems with these packages, try building from source and report the bug.
A new version of a sneaky piece of banking malware has been armed with a new feature to help attackers cover their tracks. According to Trusteer, certain new configurations of Ice IX – a modified variant of the Zeus platform – are capturing telephone account information belonging to their victims. The goal is to enable the attackers to divert calls from banks that are intended for the customer to telephones controlled by the attacker.
BLACK HAT USA 2011 -- Las Vegas -- Yesterday at Black Hat, two security researchers demonstrated how a radio-controlled model airplane outfitted with a computer and 4G connectivity could be used to create a nearly undetectable aerial hacking device that could perpetrate aerial attacks on targets otherwise unreachable by land. Created completely with off-the-shelf equipment and open-source software -- and with a budget of only about $6,100 -- the demo plane they brought on stage with them was capable of wireless network sniffing and cracking, cell tower spoofing, cell phone tracking and call interception, data exfiltration, and video surveillance. "There is some really evil stuff you can do from the sky," said Mike Tassey, who together with Richard Perkins spent more than 1,300 hours building, testing, and refining the device they call the Wireless Aerial Surveillance Platform (WASP).
Security researchers from Armorize have intercepted a mass SQL injection attack targeting ASP and ASP.NET websites. The mass infection redirects users to a web malware exploitation kit that attempts to exploit vulnerabilities in Adobe PDF, Adobe Flash or Java, with the dropped malware having a low detection rate. Mass SQL injection attacks usually take place through active search engine reconnaissance (SQL Injection Through Search Engines Reconnaissance; Massive SQL Injections Through Search Engine's Reconnaissance - Part Two; Massive SQL Injection Attacks - the Chinese Way) followed by automatic exploitation of the vulnerable sites. Of the two SQL injected domains nbnjkl.com and jjghui.com, only nbnjkl.com is currently active and responding.