[ISN] Pentagon Disconnects iPhone, Android Security Service, Forcing a Return to BlackBerry for Some

http://www.nextgov.com/mobile/2013/12/defense-disconnects-iphone-android-security-service-forcing-return-blackberry-some/74753/

By Aliya Sternstein
Nextgov.com
December 3, 2013

Some military members who were working off Apple and Android-based smartphones and tablets now must return to using older model BlackBerrys because of a security service switchover, according to an email obtained by Nextgov and confirmed by Pentagon officials.

The Defense Department is building a new mobile device management system to monitor government-issued consumer smartphones on military networks, but it’s not yet ready for prime time.

Employees within at least one Army organization were forced to disconnect iPhones, iPads and Android devices from their existing security service, Good Mobile Messaging, because the Pentagon is deploying a new departmentwide system by Fixmo, states an email that appeared in an Army listserve.

Army personnel “have been told that between now and whenever this ‘fixmo’ is online, their Droids and iThings are simply to become useless,” the email said.

The Defense Information Systems Agency is in the midst of transitioning smartphone users in each military component to the full $16 million system.

[…]





[ISN] Logins stolen from Facebook, Google, ADP payroll processor

http://news.techworld.com/security/3492120/logins-stolen-from-facebook-google-adp-payroll-processor/

By Jeremy Kirk
TechWorld.com
04 December 2013

Two million logins and passwords from services such as Facebook, Google and Twitter have been found on a Netherlands-based server, part of a large botnet using controller software nicknamed “Pony.”

Another company whose users’ login credentials showed up on the server was ADP, which specializes in payroll and human resources software, wrote Daniel Chechik, a security researcher with Trustwave’s SpiderLabs.

It’s expected that cybercriminals will go after main online services, but “payroll services accounts could actually have direct financial repercussions,” he wrote.

ADP moved US$1.4 trillion in fiscal 2013 within the U.S., paying one in six workers in the country, according to its website.

[…]



[ISN] IG finds holes in DHS’s cybersecurity

http://www.politico.com/story/2013/12/inspector-general-department-homeland-security-cybersecurity-100554.html

By TONY ROMM
Politico.com
12/3/13

The Department of Homeland Security is leading the charge to bolster the country’s porous digital defenses, but it’s also struggled this year to safeguard its own systems against hackers and spies, according to its top watchdog.

A report Monday from the DHS inspector general reiterated that the agency for months failed to patch its systems regularly against known cybersecurity threats or scan its networks consistently, in real time, to keep out digital malefactors.

Some at DHS even had been using an old, soon-to-be unsupported version of Microsoft Windows, according to the IG, whose conclusions are drawn from earlier studies issued throughout 2013. DHS also lagged in developing a more secure system to ensure the right employees are accessing the right data, the watchdog found.

The IG’s report card isn’t all bad for DHS, which did receive a few high marks. The agency, for its part, told the IG it has remedied some of the worst mistakes, with an eye on additional fixes next year. A spokesman said DHS “continues to improve and strengthen our capabilities to address” cyber risks.

[…]



[ISN] China Coal Bank website hacked

http://www.globaltimes.cn/content/829072.shtml

By Chen Yang
Global Times
2013-12-2

The website of the new China Coal Bank has been hacked by Japanese financial companies and their Chinese partners, JinBen Investment Group Co, one of the founders of the bank, claimed in a statement on Sunday.

Meitanbank.com has been hacked since Friday, with the hacker leaving a number of messages, including, “the China Coal Bank has offended many people.”

Another message claimed that JinBen “colluded with financial institutions to drive up share prices in the coal and nonferrous metal sector in the mainland stock market on Friday, leading to losses of several hundred million yuan for our financial groups.”

“We’ve found that our website has been attacked by a large number of IP addresses based in Japan,” Wang Wenyuan, a Guangzhou-based spokesman for JinBen, told the Global Times on Sunday.

The firm also said two of its staff members were attacked by strangers on Thursday, and wiretaps have been found in the company’s office.

Wang said the company will not call in the police, but will take action on its own, without offering further details. In the statement, the company said it might take advice from hacker group Honker Union of China.

[…]



[ISN] CarolinaCon-10 / 2014 – Call for Presenters/Speakers

Forwarded from: Vic Vandal

h4x0rs, stuff breakers, InfoSec pros, g33k girls, international spies, and script kidz,

CarolinaCon-10 will occur on May 16th-18th 2014 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event.

If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-10, we cordially invite you to submit your proposal.

Please send;
– your name or handle/alias
– the presentation name/title
– a brief topic abstract (1-2 paragraphs)
– the estimated time-length of your presentation
– a brief bio (100% optional item, but if your talk is chosen it saves the time and trouble of asking for it later)

….via e-mail to: speakerscarolinacon.org

*NOTE: All submissions are due BY February 28, 2014. However we may be making some early selections this year from amongst the submissions, so please be timely in submission if you’re committed to being part of the elite cadre of chosen presenters. We value diversity so please don’t hesitate to propose your ideas no matter how outlandish.

If you present at the Con, you will receive;
– free CarolinaCon admission for you and one guest
– one free CarolinaCon-10 T-shirt (l33t)
– free transportation between RDU airport and the conference hotel (if needed)
– minimal fame, glory, and possibly even notoriety
– mad props and much love from our staff and attendees

SPONSORS and/or VENDORS: We don’t accept any, so please don’t bother asking. Capitalism (what you vendor/sponsor types do) and philanthropic knowledge-sharing (what we do) don’t mix in our opinion. We keep our admission price to the bare minimum to cover our venue and equipment expenses. All of our staff are volunteers who generously donate their time and energy. All of our presenters generously donate their time and talent. The only items sold at CarolinaCon are a limited quantity of single-design CarolinaCon t-shirts….and we only make and sell those because attendees and staff want them (and because they’re cool).

ATTENDEES: If you are interested in attending, watch this space for more details: www.carolinacon.org …and don’t forget to mark the May 2014 dates on your calendar.

If you have any important (as in not-dumb and not-spam) inquiries about the event you can send email to: infocarolinacon.org

We look forward to seeing you at our 2014 event.

Peace,
Vic



[ISN] Government data found on memory sticks

http://www.theaustralian.com.au/technology/government-data-found-on-memory-sticks/story-e6frgakx-1226773129880

AAP
December 02, 2013

USED memory sticks being sold on the internet have been found to contain sensitive Australian government data, according to a new study.

The research paper, to be presented at a cyber security conference in Perth, reveals how researchers discovered the government information amongst a “treasure trove” of confidential material on the discarded memory sticks.

And the results have prompted authors Patryk Szewczyk and Krishnun Sansurooah, of the Security Research Institute at Perth’s Edith Cowan University, to urge sellers to beware they are not handing over their secrets by taking money for old memory sticks.

“The results show that sellers are sending memory cards with no evidence of erasure, poor attempts to erase data – or simply asking the buyer to erase the data prior to use,” the study concluded.

“The data recovered is not only of a personal nature, but also appears to originate from Australian government departments and business.”

[…]



[ISN] Akamai to Buy Cybersecurity Firm Prolexic for $370 Million

http://online.wsj.com/news/articles/SB10001424052702304854804579234091720329338

By BEN FOX RUBIN And DREW FITZGERALD
The Wall Street Journal
Dec. 2, 2013

Akamai Technologies Inc. agreed to buy Prolexic Technologies Inc. for about $370 million in cash, expanding its cybersecurity offerings.

Prolexic specializes in technology that guards data centers against distributed denial of service attacks, an increasingly common threat that can shut down a website by flooding its address with fake information requests.

Akamai Chief Executive Tom Leighton said such attacks often overwhelm otherwise strong technology because the onslaughts are becoming bigger and less predictable.

“Scale has really been a killer for the traditional ways of defending a website,” Mr. Leighton said in an interview. “You need to stop the attack traffic close to where it’s coming from before it even gets to the data center.”

Rising demand for online content continues to drive revenue growth at Akamai, which runs a network of servers and other equipment that speed delivery of Internet content. Akamai has reported double-digit sales growth in recent years, and results in recent quarters often beat its own expectations as well as Wall Street estimates.

[…]

