Dark, Dank & Dangerous
Zendesk Security Breach Affects Twitter, Tumblr and Pinterest | Threat Level Customer service software provider Zendesk announced a security breach that allowed attackers into its system, where they could access data from three customers this week. Wired learned those three clients were Twitter, Pinterest and Tumblr. The San Francisco-based company announced the breach in a blog post published early Thursday night. Tumblr notified affected users in an email at approximately 6:35 p.m. PST; Twitter and Pinterest are expected to do so shortly.
Cyber Intelligence Sharing and Protection Act The Cyber Intelligence Sharing and Protection Act (CISPA H.R. 3523 (112th Congress), H.R. 624 (113th Congress)) is a proposed law in the United States which would allow for the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The stated aim of the bill is to help the U.S. government investigate cyber threats and ensure the security of networks against cyberattacks. Some critics saw CISPA as a second attempt at strengthening digital piracy laws after the Stop Online Piracy Act and the Protect Intellectual Property Act both met huge opposition. Intellectual property theft was initially listed in the bill as a possible cause for sharing Web traffic information with the government, though it was removed in subsequent drafts.
A multinational security firm has secretly developed software capable of tracking people's movements and predicting future behaviour by mining data from social networking websites. A video obtained by the Guardian reveals how an "extreme-scale analytics" system created by Raytheon, the world's fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare. Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.
Ubuntu ships Pidgin but does not update it after a release (except for security issues and high-severity bugs). For those users who desire new releases of Pidgin, we have packaged Pidgin in a PPA. If you encounter problems with these packages, try building from source and report the bug. Download Pidgin for Windows
Wal-Mart pretty much sliced itself open and spilled its guts onto the scammer's lap. In this year's Capture the Flag social engineering contest at Defcon, champion Shane MacDougall used good lying, a lucrative (albeit bogus) government contract, and his talent for self-effacing small talk to squeeze the following information out of Wal-Mart: The small-town Canadian Wal-Mart store's janitorial contractor, Its cafeteria food-services provider, Its employee pay cycle, Its staff shift schedules, The time managers take their breaks, Where they usually go for lunch, Type of PC used by the manager, Make and version numbers of the computer's operating system, and Its Web browser and antivirus software. Reporting from the Las Vegas show, which wrapped up a few weeks ago, Stacy Cowley at CNNMoney wrote up the details of how Wal-Mart got taken in to the extent of coughing up so much scam-worthy treasure. How a social engineer tricked Wal-Mart into handing over sensitive information
New Memory Method Lets Users Remember Long Passwords -- Subconsciously 'Implicit learning' lets users store a 30-character password in their memories -- without remembering it Remembering passwords is the biggest bane of security for most users. But what if you could learn a long password and remember it subconsciously, like you remember how to ride a bike? According to a report about subconscious passwords in the publication Extreme Tech, a group of neuroscientists and cryptographers have developed a password system that does just that.
scrambls - home
Magic Quadrant for Endpoint Protection Platforms
Attackers Divert Bank Phone Calls to Cover Tracks
Poisoning The Data Well
Encrypt Stick Features & Benefits
Sucuri - Protect Your Interwebs As your site’s webmaster, have you ever seen an e-mail from Google like this: Hello, We wanted to alert you that one of your sites violates our advertising policies. Therefore, we won’t be able to run any of your ads that link to that site, and any new ads pointing to that site will also be disapproved. Here’s what you can do to fix your site and hopefully get your ad running again: 1. Make the necessary changes to your site that currently violates our policies: Display URL: site.com Policy issue: Malware Details & instructions: 2. Resubmit your site to us, following the instructions in the link above….
Danger Room What's Next in National Security From Threat Level Dude, You Can’t Copyright That Hookah by David Kravets: A California hookah pipe maker's copyright infringement lawsuit against a rival went up in smoke today when a federal appeals… (01.09.14) Telecom Believed to Be at Center of Government Court Fight Files Surveillance Transparency Report by Kim Zetter: A small telecom believed to be at the center of a historic court battle over government surveillance published its first… (01.09.14) Teen Reported to Police After Finding Security Hole in Website by Kim Zetter: A teenager in Australia who thought he was doing a good deed by reporting a security vulnerability in a government web site that… (01.09.14)
Wardriving Evolves Into Warflying
About two weeks ago, a posting on the Full Disclosure Mailing List announced a new Linux rootkit. Indeed, the posting didn't just announce the malware, but included a fully-working sample... While the biggest shopping days of the year in the United States are now over, the scams are likely to continue through the end of the year.
Over a million web sites affected in mass SQL injection attack Security researchers from Armorize have intercepted a mass SQL injection attack, targeting ASP/ASP.NET websites. The mass infection redirects users to a web malware exploitation kit, attempting to exploit vulnerabilities in Adobe PDF or Adobe Flash or Java, with the dropped malware having a low detection rate. Mass SQL injection attacks usually take place through active search engine reconnaissance (SQL Injection Through Search Engines Reconnaissance; Massive SQL Injections Through Search Engine's Reconnaissance - Part Two; Massive SQL Injection Attacks - the Chinese Way) followed by automatic exploitation of the vulnerable sites. Of the two SQL injected domains nbnjkl.com and jjghui.com, only nbnjkl.com is currently active and responding.