Security & Tech:

• Security Warnings
  • Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability December 28, 2012
    Pligg CMS 'status' Parameter SQL Injection Vulnerability […]
  • Vuln: FFmpeg libavcodec 'vmd decode()' Heap Based Buffer Overflow Vulnerability May 18, 2012
    FFmpeg libavcodec 'vmd decode()' Heap Based Buffer Overflow Vulnerability […]
• Cnet Tech News
  • Are people more honest when they text? May 19, 2012
    A study at the University of Michigan suggests not only that we are likely to tell the truth when we let our fingers do the talking, but that we're also more likely to give more detailed and precise answers to questions. [Read more] […]
  • China clears Google, Motorola merger: Deal to close 'within days' May 19, 2012
    Following China's approval of the deal, Google is set to acquire smartphone maker Motorola Mobility for $12.5 billion as soon as this coming week. [Read more] […]
  • Wife nixes hubby who didn't alter Facebook status to 'married' May 19, 2012
    An Indian woman wonders how she can possibly trust her husband. After all, two months into their marriage, he still hasn't changed his Facebook status. [Read more] […]
  • Getting in on the secret of Pixar's 'hidden' speakeasy May 19, 2012
    A Pixar animator opened a small access door in his office, got on his hands and knees and crawled through the opening, and discovered a "secret" room. The rest, as they say, is history. [Read more] […]
  • This week in Crave: The Facebook phone home edition May 19, 2012
    The world kept moving ahead of Friday's Facebook stock debut, which, it turned out, wasn't all that spectacular. Did you manage to tear yourself away from the IPO coverage? [Read more] […]
• Sans Security Tips
  • Use Outlook? Use the Auto-Preview, not the Reading Pane
    […]
  • Do not write your password down and leave it near your computer
    […]
• US-Cert.gov Vulns
  • Apple Releases QuickTime 7.7.2 May 16, 2012
  • Google Releases Google Chrome 19 May 15, 2012

Geek News:

• Sans Security Alerts
  • SANSFIRE 2011
    SANSFIRE 2011 […]
  • (1) HIGH: Google Chrome Sandbox Escapes
    Category: Widely Deployed Software Affected: Google Chrome Prior to 17.0.963.79 […]
• SecurityFocus – Vulns
  • Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability December 28, 2012
    Pligg CMS 'status' Parameter SQL Injection Vulnerability […]
  • Vuln: FFmpeg libavcodec 'vmd decode()' Heap Based Buffer Overflow Vulnerability May 18, 2012
    FFmpeg libavcodec 'vmd decode()' Heap Based Buffer Overflow Vulnerability […]
• Securityfocus – News
  • News: Change in Focus March 9, 2010
    Change in Focus […]
  • News: Twitter attacker had proper credentials December 17, 2009
    Twitter attacker had proper credentials […]

Hack-In-The-Box:

• “Keeping Knowledge Free”
  • Spammers using social media instead of email May 18, 2012
    According to security experts, social networking sites, rather than email, are now the most favored platform for spammers to peddle their unsolicited links, as reported by Bloomberg.  This is partially due to the fact that email spam filters have become so effective that tens of billions of spam messages are now being diverted to social media sites instead, […]
  • Twitter implementing Mozilla's Do Not Track feature May 18, 2012
    Twitter will be implementing the Do Not Track feature in the Mozilla Firefox browser, as announced Thursday by Ed Felten, chief technology officer for the Federal Trade Commission at a New York Internet Week privacy panel. Twitter confirmed the FTC's announcement, appropriately enough, in a tweet. Carolyn Penner, a spokeswoman for Twitter, said, "W […]
  • Reports: HP poised to eliminate up to 30,000 jobs May 18, 2012
    Hewlett-Packard is poised to eliminate as many as 30,000 jobs to compensate for dwindling demand for personal computers as more people connect to the Internet on smartphones and tablets, according to reports published Thursday. Tags: HPIndustry News […]

• SANS Internet Storm Center, InfoCON: green
  • Infocon: green
    PHP 5.4 Remote Exploit PoC in the wild […]
  • PHP 5.4 Remote Exploit PoC in the wild, (Sat, May 19th) May 19, 2012
    There is a remote exploit in the wild for PHP 5.4 ...(more)... […]
  • ZTE Score M Android Phone backdoor, (Fri, May 18th) May 18, 2012
    The ZTE Score M phone, apparently available via Metro PCS in the US, comes with a special suid backd ...(more)... […]
  • ISC StormCast for Friday, May 18th 2012 http://isc.sans.edu/podcastdetail.html?id=2545, (Fri, May 18th) May 17, 2012
    ...(more)... […]
  • ISC Feature of the Week: Tools->Information Gathering, (Thu, May 17th) May 17, 2012
    Overview One of the sections on the ISC Tools page is Information Gathering at https://isc.sans ...(more)... […]

F-Secure Weblog:

• “Weblog of the F-Secure Antivirus Research Team”
  • Video: Angry Birds Space Trojan & Drive-by Android
    On Monday, we released our Mobile Threat Report for Q1, and in that report we mention there's a growing number of mobile trojans that "deliver on their promises". What do we mean by that?Well, in the past, mobile malware often offered something such as "free" mobile web services as bait, but then, during installation, the trojan woul […]
  • Repost: Webinar: Making Life Difficult for Malware
    Jarno Niemela, a Senior Researcher here at F-Secure Labs, will be taking part in a Black Hat Webcast on Thursday, May 17, 2012.The subject is "Making Life Difficult for Malware" and will focus on system modifications that can be used to prevent malware from functioning properly in the event that your system is compromised.More information can be fo […]
  • Recommended Listening: Danger In The Download
    The Documentary, a BBC World Service program (or programme) recently aired a 3-part series called Danger In The Download.It's definitely worth a listen. All of the episodes are now available online.Episode 1 — The growing threats in cyberspace from hackers and cyber weapons.Episode 2 — Is the net's architecture and governance is still fit for purpo […]

Kasperky Lab Weblog:

• “Analyst’s Diary”
  • We Need More Than Jelly Bean May 18, 2012
    Google is set to launch Android 5.0, aka Jelly Bean, this fall. But do we even need it? While Google has made some steps in securing its Play branded marketplace, and offered a few security updates to the operating system, it is a fact that the most targeted Android platform is still 2.x. Why is that? There are several reasons, not the least of which is a la […]
  • Carolina Dieckmann, Brazilian cybercrime legislation and la “Viveza criolla” May 16, 2012
        Carolina Dieckmann, a famous Brazilian actress, recently became the victim of cyber attacks that allowed cybercriminals to steal personal property - nude pictures of her- from her computer. Many pictures or maybe all of them got leaked to the Internet. This incident has served as a good incentive for the Brazilian government to have new cybercrime laws i […]
  • Public points of data loss May 14, 2012
        “Forgetting” or “underestimating” are the main reasons for data loss around the world. In an airport lounge during my last trip I came across  some cool tab devices running on Android integrated with an external keyboard available for public use and connected to the Internet. As in the past I performed a quick check of downloaded files, most visited site […]

InfoSec Writers:

• Infosec Writers Latest Security Papers
  • Internet Acceptable Use Policies: Drawing the line May 11, 2012
    Raymond Pitzen submits this paper on Acceptable Use Policies and things to consider when creating your own. […]
  • Securing Amazon Web Services (AWS) and Simple Storage Service (Amazon S3) Security May 10, 2012
    David Borland submits this paper on Amazon AWS security basics. A very good overvie wif you are considering Amazon as a cloud provider and want to know more about the security they provide. […]
  • Getting maximum value from Penetration Testing May 9, 2012
    This vendor provided paper is a little different from most papers on Penetration Testing, in that it takes a holistic approach to the subject matter, and discusses both the strengths and weaknesses of Penetration Testing, and attempts to inform the reader in such a way as to empower them to extract maximum value from the exercise (whether they are doing it t […]

IT Observer:

• “Information Technology Security Magazine”
  • Websense Wireless Security Expert to Present on Emerging Security & Web Content Threats in 3G at QuEST Forum EMEA January 20, 2009
    Websense, Inc. (Nasdaq: WBSN), a global leader in web security and web filtering productivity software, today announced that Mark Fogel, vice president for Websense(R) Wireless, a Division of Websense, Inc., will be giving a presentation on Emerging Security & Web Content Threats in 3G at the third annual QuEST Forum (Quality Excellence for Suppliers of […]
    admin
  • AI-based Security Appliance Stops MySpace Email Scam January 15, 2009
    Espion has announced the discovery of the first email-based MySpace Spam Scam. At 5:35pm EST an email was trapped in our unprotected honey pot. At the same time an identical email was stopped by Espion´s Interceptor anti-spam and security appliance. The trapped email looks like a legitimate message from MySpace with the subject reading [New message […]
    admin
  • Compliance and mobility govern security January 15, 2009
    The one segment in IT that has seen tremendous growth over the past few years is security. Despite advances in technology, security threats are growing at an alarming rate. The Indian network security market experienced a healthy growth in 2005 reaching about $116 million, up 70 percent compared to last year, says business consulting firm […]
    admin
  • Winny Virus Wrecks Data Havoc In Japan January 15, 2009
    Top-secret military information, business documents of hundreds of corporate firms , personal and confidential data related to thousands of patients, complete information of Yahoo shopping mall, high profile information of Liberal Democratic Party and thousands more are all floating currently on the internet, creating an enormous flood of information leakage […]
    admin
  • Protection from Emerging Virus Threats January 15, 2009
    Today’s malware distributors skirt traditional defenses by exploiting the zero hour gap, the time it takes to identify the attacking malware and write signatures that can detect and neutralize it. Recent studies have shown the lag time or gap between when a virus is recognized and a signature written to combat it can range from […]
    admin