<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet Security Observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>VEHICLE CYBERSECURITY  DOT and Industry Have Efforts Under Way, but DOT Needs to Define Its Role in Responding to a Real-world Attack</title><description>Secuobs.com : 2016-04-27 05:33:29 - Office of Inadequate Security - From a newly released GAO report  Modern vehicles contain multiple interfaces connections between the vehicle and external </description><link>http://www.secuobs.com/revue/news/604770.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604770.shtml</guid></item>
<item><title>Demand letter served on poll body over disastrous  Comeleak  breach</title><description>Secuobs.com : 2016-04-27 04:33:00 - Office of Inadequate Security - There continues to be a lot of media coverage of the COMELEC breach in the Philippines Here s an interesting </description><link>http://www.secuobs.com/revue/news/604769.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604769.shtml</guid></item>
<item><title>The Minimin Aims To Be The Simplest Theremin</title><description>Secuobs.com : 2016-04-27 04:00:28 - Hackaday -    Hackadayio user  eagleisinsight  is a high-school hacker whose dreams of becoming a Theremin virtuoso were thwarted by the high cost of a commercial instrument His response is the Minimin, an affordable Theremin design using a 555 and an ATMega328 The 555 is configured as an astable oscillator running at about 5MHz and with a loop antenna attached to its timing capacitor The parasitic capacitance of the musician s hand against the antenna varies the frequency of the oscillation, as you would expect In a classic Theremin the signal from the 555 would be mixed with the output from a fixed 5MHz  read more </description><link>http://www.secuobs.com/revue/news/604768.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604768.shtml</guid></item>
<item><title>Hacking group  PLATINUM  used Windows  own patching system against it</title><description>Secuobs.com : 2016-04-27 03:58:41 - Risk Assessment   Ars Technica - Unknown group attacked South East Asian targets, sometimes for years at a time </description><link>http://www.secuobs.com/revue/news/604767.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604767.shtml</guid></item>
<item><title>Hacker With Victims in 100 Nations Gets 7 Years in Prison</title><description>Secuobs.com : 2016-04-27 03:57:49 - Office of Inadequate Security - Patricia Hurtado reports  An Estonian man who admitted directing what the US called a massive  cybercriminal enterprise  </description><link>http://www.secuobs.com/revue/news/604766.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604766.shtml</guid></item>
<item><title>HPR2018  How to make Komboucha Tea</title><description>Secuobs.com : 2016-04-27 02:29:53 - Hacker Public Radio - How to Make Kamboucha Tea Makes about 1 gallon Ingredients Ingredient US Metric water 3 1 2 quarts   white sugar 1 cup   black tea 8 bags  or 2 tablespoons loose tea    starter tea from last batch of kombucha or store-bought 2 cups   scoby 1 per fermentation jar N A Optional flavoring extras for bottling  1 to 2 cups chopped fruit, 2 to 3 cups fruit juice, 1 to 2 tablespoons flavored tea  like hibiscus or Earl Grey , 1 4 cup honey, 2 to 4 tablespoons fresh herbs or spices Equipment Stock pot 1-gallon glass jar or two 2-quart glass jars Bottles  Six 16-oz glass bottles with plastic lids, 6 swing-top bottles, or clean soda bottles Instructions Note  Avoid prolonged contact between the kombucha and metal both during and after brewing This can affect the flavor of your kombucha and weaken the scoby over time 1 Make the Tea Base  Bring the water to a boil Remove from heat and stir in the sugar to dissolve Drop in the tea and allow it to steep until the water has cooled Depending on the size of your pot, this will take a few hours You can speed up the cooling process by placing the pot in an ice bath 2 Add the Starter Tea  Once the tea is cool, remove the tea bags or strain out the loose tea Stir in the starter tea  The starter tea makes the liquid acidic, which prevents unfriendly bacteria from taking up residence in the first few days of fermentation  3 Transfer to Jars and Add the Scoby  Pour the mixture into a 1-gallon glass jar  or divide between two 2-quart jars, in which case you'll need 2 scobys  and gently slide the scoby into the jar with clean hands Cover the mouth of the jar with a few layers of cheesecloth or paper towels secured with a rubber band 4 Ferment for 7 to 10 Days  Keep the jar at room temperature, out of direct sunlight, and where it won't get jostled Ferment for 7 to 10 days, checking the kombucha and the scoby 
periodically It's not unusual for the scoby to float at the top, bottom, or even sideways A new cream-colored layer of scoby should start forming on the surface of the kombucha within a few days It usually attaches to the old scoby, but it's ok if they separate You may also see brown stringy bits floating beneath the scoby, sediment collecting at the bottom, and bubbles collecting around the scoby This is all normal and signs of healthy fermentation After seven days, begin tasting the kombucha daily by pouring a little out of the jar and into a cup When it reaches a balance of sweetness and tartness that is pleasant to you, the kombucha is ready to bottle 5 Remove the Scoby  Before proceeding, prepare and cool another pot of strong tea for your next batch of kombucha, as outlined above With clean hands, gently lift the scoby out of the kombucha and set it on a clean plate As you do, check it over and remove the bottom layer if the scoby is getting very thick 6 Bottle the Finished Kombucha  Measure out your starter tea from this batch of kombucha and set it aside for the next batch Pour the fermented kombucha  straining, if desired  into bottles, along with any juice, herbs, or fruit you may want to use as flavoring Leave about a half inch of head room in each bottle  Alternatively, infuse the kombucha with flavorings for a day or two in another jar covered with cheesecloth, strain, and then bottle This makes a cleaner kombucha without  in it  7 Carbonate and Refrigerate the Finished Kombucha  Store the bottled kombucha at room-temperature out of direct sunlight and allow 1 to 3 days for the kombucha to carbonate Until you get a feel for how quickly your kombucha carbonates, it's helpful to keep it in plastic bottles  the kombucha is carbonated when the bottles feel rock solid Refrigerate to stop fermentation and carbonation, and then consume your kombucha within a month 8 Make a Fresh Batch of Kombucha  Clean the jar being used for kombucha fermentation Combine the 
starter tea from your last batch of kombucha with the fresh batch of sugary tea, and pour it into the fermentation jar Slide the scoby on top, cover, and ferment for 7 to 10 days Additional Notes    Batch Size  To increase or decrease the amount of kombucha you make, maintain the basic ratio of 1 cup of sugar, 8 bags of tea, and 2 cups starter tea per gallon batch One scoby will ferment any size batch, though larger batches may take longer   Putting Kombucha on Pause  If you'll be away for 3 weeks or less, just make a fresh batch and leave it on your counter It will likely be too vinegary to drink by the time you get back, but the scoby will be fine For longer breaks, store the scoby in a fresh batch of the tea base with starter tea in the fridge Change out the tea for a fresh batch every 4 to 6 weeks   Other Tea Options  Black tea tends to be the easiest and most reliable for the scoby to ferment into kombucha, but once your scoby is going strong, you can try branching out into other kinds Green tea, white tea, oolong tea, or a even mix of these make especially good kombucha Herbal teas are ok, but be sure to use at least a few bags of black tea in the mix to make sure the scoby is getting all the nutrients it needs Avoid any teas that contain oils, like earl grey or flavored teas   Avoid Prolonged Contact with Metal  Using metal utensils is generally fine, but avoid fermenting or bottling the kombucha in anything that brings them into contact with metal Metals, especially reactive metals like aluminum, can give the kombucha a metallic flavor and weaken the scoby over time Troubleshooting Kombucha   It is normal for the scoby to float on the top, bottom, or sideways in the jar It is also normal for brown strings to form below the scoby or to collect on the bottom If your scoby develops a hole, bumps, dried patches, darker brown patches, or clear jelly-like patches, it is still fine to use Usually these are all indicative of changes in the environment of your 
kitchen and not a problem with the scoby itself   Kombucha will start off with a neutral aroma and then smell progressively more vinegary as brewing progresses If it starts to smell cheesy, rotten, or otherwise unpleasant, this is a sign that something has gone wrong If you see no signs of mold on the scoby, discard the liquid and begin again with fresh tea If you do see signs of mold, discard both the scoby and the liquid and begin again with new ingredients   A scoby will last a very long time, but it's not indestructible If the scoby becomes black, that is a sign that it has passed its lifespan If it develops green or black mold, it is has become infected In both of these cases, throw away the scoby and begin again   To prolong the life and maintain the health of your scoby, stick to the ratio of sugar, tea, starter tea, and water outlined in the recipe You should also peel off the bottom  oldest  layer every few batches This can be discarded, composted, used to start a new batch of kombucha, or given to a friend to start their own   If you're ever in doubt about whether there is a problem with your scoby, just continue brewing batches but discard the kombucha they make If there's a problem, it will get worse over time and become very apparent If it's just a natural aspect of the scoby, then it will stay consistent from batch to batch and the kombucha is fine for drinking </description><link>http://www.secuobs.com/revue/news/604765.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604765.shtml</guid></item>
<item><title>Circuit Bender Artist bends Fresnel Lens for Art</title><description>Secuobs.com : 2016-04-27 01:23:59 - Hackaday -    Give some mundane, old gear to an artist with a liking for technology, and he can turn it into a mesmerizing piece of art  dmitry  created  red, an optic-sound electronic object  which uses simple light sources and optical elements to create an audio-visual performance installation The project was the result of his collaboration with the Prometheus Special Design Bureau in Kazan, Russia The inspiration for this project was Crystall, a reconstruction of an earlier project dating back to 1966 The idea behind  red  was to recreate the ideas and concepts from the 60 s   80 s using modern solutions and materials  read more </description><link>http://www.secuobs.com/revue/news/604764.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604764.shtml</guid></item>
<item><title>FBI Director Suggests iPhone Hacking Method May Remain Secret</title><description>Secuobs.com : 2016-04-27 00:54:17 - Slashdot  Your Rights Online - An anonymous reader quotes a report from Reuters  FBI Director James Comey said on Tuesday that his agency was still assessing whether a vulnerability used to unlock an iPhone linked to one of the San Bernardino killers would go through a government review to determine if it should be disclosed to Apple or the public  We are in the midst of trying to sort that out,  Comey said  The threshold  for disclosure  is, are we aware of the vulnerability, or did we just buy a tool and don't have sufficient knowledge of the vulnerability to implicate the process  The White House has a procedure for reviewing technology security flaws and deciding which ones should be made public Although officials say the process leans toward disclosure, it is not set up to handle or reveal flaws that are discovered and owned by private companies, sources have told Reuters, raising questions about the effectiveness of the so-called Vulnerabilities Equities Process</description><link>http://www.secuobs.com/revue/news/604763.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604763.shtml</guid></item>
<item><title>2016 Hack Miami Conference  May 13-15, 2016</title><description>Secuobs.com : 2016-04-26 22:45:03 - HACKMIAMI - Join Us at HackMiami s Fourth Annual Security Conference This years conference will be held on May 13-15, 2016 at the Deauville Beach Resort, 6701 Collins Avenue, Miami Beach, FL 33141 We are proud to announce this year s Keynote Speakers  John McAfee, Saturday, May 14, 2016 Iftach Ian Amit, Sunday, May 15, 2016 This years lineup   </description><link>http://www.secuobs.com/revue/news/604762.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604762.shtml</guid></item>
<item><title>8-bit Video Wall Made From 160 Gaming Keyboards</title><description>Secuobs.com : 2016-04-26 22:18:39 - Hackaday -    Well this is something we haven t seen before A video wall made from 160 RGB illuminated gaming keyboards On display at the PAX East gaming expo, the keys on 160 Logitech keyboards make up the  pixels  of a video wall showing a short film inspired from side-scroller video games It s the work of the production company iam8bit Details on the system are scant, but we can learn a little from close observation of the video Logitech s RGB illuminated keyboard allow every key to be set to a custom color The keyboards making up the wall seem to have the key  read more </description><link>http://www.secuobs.com/revue/news/604761.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604761.shtml</guid></item>
<item><title>In An Era Of Decline, News Sites Can t Afford Poor Web Performance</title><description>Secuobs.com : 2016-04-26 21:37:30 - Security Bloggers Network - For all industries, web performance is an essential part of the online equation, and if there s an industry that s been disrupted by the web as greatly as the retail sector, it has to be news and media, making every aspect of the online experience even more important At the turn of this century, one of   </description><link>http://www.secuobs.com/revue/news/604760.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604760.shtml</guid></item>
<item><title>BeautifulPeoplecom experiences data breach  1m affected</title><description>Secuobs.com : 2016-04-26 21:37:30 - Security Bloggers Network - The personal data of around 11 million people could be sold off on the black market after BeautifulPeoplecom experiences data breach The post BeautifulPeoplecom experiences data breach  1m affected appeared first on We Live Security </description><link>http://www.secuobs.com/revue/news/604759.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604759.shtml</guid></item>
<item><title>Swedish Air Space Infringed, Aircraft Not Required</title><description>Secuobs.com : 2016-04-26 21:37:30 - Security Bloggers Network - Svenskt Luftrum Åsidosatt Flygplan Som News, via Aldrimer, of the Kingdom of Sweden's airspace, and the violation thereof - without aircraft Todays Must read and Hat Tip to Firewall Consultants Permalink </description><link>http://www.secuobs.com/revue/news/604758.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604758.shtml</guid></item>
<item><title>Why cybercriminals attack healthcare more than any other industry</title><description>Secuobs.com : 2016-04-26 21:37:30 - Security Bloggers Network - Cybercriminals attacked the healthcare industry more than any other sector in 2015, according to a new report published by IBM Here's why </description><link>http://www.secuobs.com/revue/news/604757.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604757.shtml</guid></item>
<item><title>Setting the Benchmark in the Network Security Forensics Industry</title><description>Secuobs.com : 2016-04-26 21:37:30 - Security Bloggers Network -     Setting the benchmark     Beating thirty other products in threat detection and response capabilities     Outstanding achievement in product leadership, technological innovation, customer service, and product development     Superior capabilities for best addressing customer needs  Wow  While we certainly don t do what we do here for such accolades   we do it to help our  The post Setting the Benchmark in the Network Security Forensics Industry appeared first on Speaking of Security - The RSA Blog and Podcast </description><link>http://www.secuobs.com/revue/news/604756.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604756.shtml</guid></item>
<item><title>Spotify denies hack  users subjected to weird music beg to differ</title><description>Secuobs.com : 2016-04-26 21:37:30 - Security Bloggers Network - Hundreds of accounts' details popped up on Pastebin, with some users locked out and some seeing unheard songs on recently played lists </description><link>http://www.secuobs.com/revue/news/604755.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604755.shtml</guid></item>
<item><title>The Dangerous Game of DNS</title><description>Secuobs.com : 2016-04-26 21:37:30 - Security Bloggers Network - The Domain Name Service  DNS  is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs  names  into IP addresses  numbers  Because every icon and URL and all embedded content on a website requires a DNS lookup, loading complex sites necessitates hundreds of DNS queries And   </description><link>http://www.secuobs.com/revue/news/604754.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604754.shtml</guid></item>
<item><title>Threat Recap  Week of April 22nd</title><description>Secuobs.com : 2016-04-26 21:37:30 - Security Bloggers Network -    A lot happens in the security world and many stories get lost in the mix In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5read more The post Threat Recap  Week of April 22nd appeared first on Webroot Threat Blog </description><link>http://www.secuobs.com/revue/news/604753.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604753.shtml</guid></item>
<item><title>Is your security appliance actually FIPS validated </title><description>Secuobs.com : 2016-04-26 21:37:30 - Security Bloggers Network -    It may not seem like a big deal to the ordinary person, but security-conscious customers care a great deal about FIPS 140-2 the standard that determines security assurance level Security vendors may tell you that their security appliances are FIPS validated, but ask them to prove it  You have the right to ask a security vendor to point you to their certificate or you can simply go look online to see if their key management appliance has been officially validated I ll show you where to look a little further into the blog</description><link>http://www.secuobs.com/revue/news/604752.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604752.shtml</guid></item>
<item><title>Edwin Shaw employee loses unencrypted flash drive with 975 patients  info</title><description>Secuobs.com : 2016-04-26 21:35:01 - Office of Inadequate Security - An anonymous site visitor kindly pointed me to this item that was in the Akron Beacon Journal last week  If you went to </description><link>http://www.secuobs.com/revue/news/604751.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604751.shtml</guid></item>
<item><title>QNB, Al Jazeera, and other Qatar entities have their data leaked online</title><description>Secuobs.com : 2016-04-26 21:35:01 - Office of Inadequate Security - Doha News reports that clients of Qatar National Bank  QNB , employees at Al Jazeera Media Network, and even secret service </description><link>http://www.secuobs.com/revue/news/604750.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604750.shtml</guid></item>
<item><title>Iftach Ian Amit Keynote Speaker, Sun 051516</title><description>Secuobs.com : 2016-04-26 21:25:27 - HACKMIAMI - With over 15 years of experience in the information security industry, Iftach Ian Amit brings a mixture of Software development,OS, Network and web security to work on a daily basis He is a frequent speaker at leading security conferences around the world  including BlackHat, DefCon, OWASP, InfoSecurity, etc , and have published numerous articles and research   </description><link>http://www.secuobs.com/revue/news/604749.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604749.shtml</guid></item>
<item><title>John McAfee   Keynote Speaker  Sat 05-14-16</title><description>Secuobs.com : 2016-04-26 21:25:27 - HACKMIAMI - John McAfee is a security visionary, creator of the first commercial anti-virus software, and a 2016 Presidential candidate for the Libertarian Party McAfee is also the founder of political party known as the Cyber Party Join us for a historic HackMiami Conference as John McAfee discusses the latest imminent threats facing individual freedoms during a critical   </description><link>http://www.secuobs.com/revue/news/604748.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604748.shtml</guid></item>
<item><title>All About Fraud  How Crooks Get the CVV</title><description>Secuobs.com : 2016-04-26 21:12:18 - Krebs on Security - A longtime reader recently asked   How do online fraudsters get the 3-digit card verification value  CVV or CVV2  code printed on the back of customer cards if merchants are forbidden from storing this information  The answer  Probably by installing a Web-based keylogger at an online merchant so that all data that customers submit to the site is copied and sent to the attacker's server </description><link>http://www.secuobs.com/revue/news/604747.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604747.shtml</guid></item>
<item><title>DEF CON 24 Short Story Contest Announced </title><description>Secuobs.com : 2016-04-26 21:01:40 - DEF CON Announcements  -    DEF CON 24 Short Story Contest image The DEF CON Short Story Contest returns, bearing prizes and a chance at geek-lit glory All those inclined to compete are urged to visit  DCShortStory or the  DCShortStory DEF CON forum page for the rules and requirements as they develop Pencils up, people You have until May 30 to submit your masterpiece </description><link>http://www.secuobs.com/revue/news/604746.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604746.shtml</guid></item>
<item><title>Belgrade Experience  MikroElektronika, Museums, and FPGA Computing</title><description>Secuobs.com : 2016-04-26 20:50:33 - Hackaday -    I recently had the chance to visit Belgrade and take part in the Hackaday  Belgrade conference Whenever I travel, I like to make some extra field trips to explore the area This Serbian trip included a tour of electronics manufacturing, some excellent museums, and a startup that is weaving FPGAs into servers and PCIe cards MikroElektronika After the second world war Serbia was part of Yugoslavia and the region was a manufacturing hub for the entire Soviet bloc In particular, a lot of electronic components  resistors, capacitors, etc  were manufactured here Those types of components may no longer be  read more </description><link>http://www.secuobs.com/revue/news/604745.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604745.shtml</guid></item>
<item><title>Malware Campaign Using Google Docs Intercepted, Thousands of Users Affected</title><description>Secuobs.com : 2016-04-26 20:48:26 - Dancho Danchev's Blog   Mind Streams of Information Security Knowledge - We've recently intercepted, a malicious campaign, utilizing, Google Docs, for, the purpose, of spreading, malicious software, potentially, exposing, the confidentiality, integrity, and availability, of the, targeted hosts In this, post, we'll profile, the malicious campaign, expose, the malicious, infrastructure, behind, it, provide, MD5s, and, discuss, in depth, the, tactics, techniques, and</description><link>http://www.secuobs.com/revue/news/604744.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604744.shtml</guid></item>
<item><title>Malicious Client-Side Exploits Serving Campaign Intercepted, Thousands of Users Affected</title><description>Secuobs.com : 2016-04-26 20:48:26 - Dancho Danchev's Blog   Mind Streams of Information Security Knowledge - We've recently intercepted, a currently, circulating, malicious campaign, utilizing, a variety, of compromised, Web sites, for, the purpose, of serving, malicious software, to socially engineered, users In this post, we'll profile, the campaign, the infrastructure, behind, it, provide, actionable, intelligence, MD5s, and, discuss, in depth, the tactics, techniques, and procedures, of, the</description><link>http://www.secuobs.com/revue/news/604743.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604743.shtml</guid></item>
<item><title>MPAA Says Pirate Sites Will Take Advantage of Set-Top Box Proposals</title><description>Secuobs.com : 2016-04-26 20:47:53 - TorrentFreak -    Earlier this year the Federal Communications Commission promised to  tear down anti-competitive barriers  by opening up the set-top box market in the United States and freeing consumers from  20 billion a year in rental charges The proposals have spooked content owners, not least the MPAA who fear that pirate sites will take the opportunity to build a  black market  business Source  TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services </description><link>http://www.secuobs.com/revue/news/604742.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604742.shtml</guid></item>
<item><title>Minecraft Server Exposes Details of 7 Million Gamers</title><description>Secuobs.com : 2016-04-26 20:10:39 - Office of Inadequate Security - Catalin Cimpanu reports  It appears that details of over seven million Minecraft gamers were being sold on the Dark Web, </description><link>http://www.secuobs.com/revue/news/604741.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604741.shtml</guid></item>
<item><title>Tor Browser 555 is released</title><description>Secuobs.com : 2016-04-26 19:44:18 - The Tor Blog blogs -    Tor Browser 555 is now available from the Tor Browser Project page and also from our distribution directory This release features important security updates to Firefox This release updates Firefox to 3880esr Additionally, we bump NoScript to version 29011 and HTTPS-Everywhere to 516 Moreover, we don't advertise our help desk anymore as we are currently restructuring our user support Here is the full changelog since 554  Tor Browser 555 -- April 26 2016    All Platforms    Update Firefox to 3880esr    Update Tor Launcher to 0279   Bug 10534  Don't advertise the help desk directly anymore    Translation updates    Update HTTPS-Everywhere to 516    Update NoScript to 29011   Bug 18726  Add new default obfs4 bridge  GreenBelt  </description><link>http://www.secuobs.com/revue/news/604740.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604740.shtml</guid></item>
<item><title>Materials To Know  Baltic Birch</title><description>Secuobs.com : 2016-04-26 19:36:37 - Hackaday -    Long ago, when I wanted a plywood sheet, I would go to the local big box hardware store and buy whatever was at the center of the optimization curve for cheapest and nicest looking I would inevitably suffer with ultra-thin veneers on the top, ugly cores, unfinishable edges, warping, voids, and other maladies of the common plywood One day I said enough is enough and bothered the salesman at my local lumber supply until he showed me one that wasn t awful Baltic birch differs from other plywoods in a few ways Regular plywood is usually made locally from the cheapest  read more </description><link>http://www.secuobs.com/revue/news/604739.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604739.shtml</guid></item>
<item><title>dōTERRA letter informs customers of possible data breach</title><description>Secuobs.com : 2016-04-26 19:33:43 - Office of Inadequate Security - McKenzie Romero reports  A letter sent to customers and distributors from doTERRA, the Utah-based essential oil company, is </description><link>http://www.secuobs.com/revue/news/604738.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604738.shtml</guid></item>
<item><title>Updated version of BSIMM Questions for Teams  now will all activities mapped </title><description>Secuobs.com : 2016-04-26 19:33:19 - Dinis Cruz Blog - Following from First pass at BSIMM questions for teams here is an updated version of the questionnaire for developers It looks like this and it has 3 sections The source file is available at GitHub Note  this is still a very first early draft of these mappings  with many changes expected in the next couple weeks  </description><link>http://www.secuobs.com/revue/news/604737.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604737.shtml</guid></item>
<item><title>NY  Tax refund fraud reported by Stony Point employees under investigation</title><description>Secuobs.com : 2016-04-26 18:55:47 - Office of Inadequate Security - It looks like employees of yet another town may have become victims of tax refund fraud, and the town is trying to determine </description><link>http://www.secuobs.com/revue/news/604736.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604736.shtml</guid></item>
<item><title>Appaloosa and AppDome form a partnership to support companies in deploying and protecting mobile applications</title><description>Secuobs.com : 2016-04-26 18:39:08 - Global Security Mag Online - Appaloosa and AppDome have made official their partnership, which enables companies to distribute and protect their private mobile applications without any code change. The collaboration thus lets development teams keep their speed of deployment while benefiting from cutting-edge protection. A protective dome suited to all mobile applications. One of the keys to the success of this collaboration lies in the intuitiveness and speed that are offered    - Business </description><link>http://www.secuobs.com/revue/news/604735.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604735.shtml</guid></item>
<item><title>D-Link offers a with a wireless AC VPN router</title><description>Secuobs.com : 2016-04-26 18:39:08 - Global Security Mag Online - D-Link is launching a router to give businesses a way to securely encrypt connections between mobile workers, branch offices and headquarters. Businesses today need networks that can support several essential requirements: the growing size of files, the demand on bandwidth from uses such as video conferencing, and the growing number of devices connected to the network. The    - Products </description><link>http://www.secuobs.com/revue/news/604734.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604734.shtml</guid></item>
<item><title>Binary Fortress CheckCentral - Simplify and centralize your email notifications</title><description>Secuobs.com : 2016-04-26 18:18:39 - 4sysops - Timothy Warner is a Windows systems administrator, software developer, author, and technical trainer based in Nashville, TN. Check out his new book Windows PowerShell in 24 Hours. Today I'm going to introduce you to Binary Fortress' CheckCentral email notification solution. CheckCentral is a cloud-based software-as-a-service (SaaS) web application that simplifies and centralizes your notifications. </description><link>http://www.secuobs.com/revue/news/604733.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604733.shtml</guid></item>
<item><title>DIY Vacuum Chamber Proves Thermodynamics Professor Isn't Making It All Up</title><description>Secuobs.com : 2016-04-26 17:43:00 - Hackaday - Mr_GreenCoat is studying engineering. His thermodynamics teacher agreed with the stance that engineering is best learned through experimentation, and tasked Mr_GreenCoat's group with the construction of a vacuum chamber to prove that the boiling point of a liquid goes down with the pressure it is exposed to. His group used black PVC pipe to construct their chamber. They used an air compressor to generate the vacuum. The lid is a sheet of lexan with a silicone disk. We've covered these sorts of designs before. Since a vacuum chamber is at max going to suffer 149 ish psi distributed load on ... read more </description><link>http://www.secuobs.com/revue/news/604732.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604732.shtml</guid></item>
<item><title>New Poison Ivy Activity Targeting Myanmar, Asian Countries</title><description>Secuobs.com : 2016-04-26 17:39:35 - Arbor Threat Intelligence - The infamous Remote Access Trojan (RAT) Poison Ivy (hereafter referred to as PIVY) has resurfaced recently, and exhibits some new behaviors. PIVY has been observed targeting a number of Asian countries for various purposes over the past year. Palo Alto Networks' Unit 42 recently blogged about a new Poison Ivy variant targeting Hong Kong activists ... </description><link>http://www.secuobs.com/revue/news/604731.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604731.shtml</guid></item>
<item><title>EEVblog #872 - Mailbag</title><description>Secuobs.com : 2016-04-26 17:00:30 - EEVblog - Mailbag time. SPOILERS: Zifnu Rocket Kit on Kickstarter, PAX Instrument T400 Temperature Logger, Arris Cable Modem teardown, Mail from Claire Standish, Sinclair ZX81 Computer Teardown, 3D Printed glow in the dark Delorean, Garmin Fishfinder Teardown, http antdiyblogspotcomau, Cheap Ebay 9 multimeter teardown, Sharp EL-5810 pocket scientific calculator, Dave's uCalc project </description><link>http://www.secuobs.com/revue/news/604730.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604730.shtml</guid></item>
<item><title>EEVblog #873 - World's Most Dangerous Consumer Product</title><description>Secuobs.com : 2016-04-26 17:00:30 - EEVblog - Dave looks at possibly the world's most dangerous consumer product, a portable electrode boiler based water heater available on ebay. Marketed as "safe", it is nothing less than a death trap. EDIT: Holy crap. They sell this as a baby bath heater. </description><link>http://www.secuobs.com/revue/news/604729.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604729.shtml</guid></item>
<item><title>May 19, Paris, Coreye breakfast briefing: Growing your business safe from cyberattacks</title><description>Secuobs.com : 2016-04-26 16:43:24 - Global Security Mag Online - France is the country most targeted by denial-of-service cyberattacks. 95% of sites are defenseless against sophisticated cyberattacks and fraud. 70% of threats are concentrated on websites and web applications. 35% of web attacks result in a data compromise. What exactly does an anti-DDoS solution protect? What is an application firewall? What is a SOC (Security Operation Center) for? What impact do these protections have on my business? Come and take stock ... - Events </description><link>http://www.secuobs.com/revue/news/604728.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604728.shtml</guid></item>
<item><title>Pillaging the Wealth of Information in a Datasheet</title><description>Secuobs.com : 2016-04-26 16:23:28 - Hackaday - It's a fair assumption that the majority of Hackaday readers will be used to working with electronic components, they are the life blood of so many of the projects featured here. In a lot of cases those projects will feature very common components, those which have become commoditized through appearing across an enormous breadth of applications. We become familiar with those components through repeated use, and we build on that familiarity when we create our own circuits using them. All manufacturers of electronic components will publish a datasheet for those components. A document containing all the pertinent information for a ... read more </description><link>http://www.secuobs.com/revue/news/604727.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604727.shtml</guid></item>
<item><title>Review: The Car Hacker's Handbook</title><description>Secuobs.com : 2016-04-26 16:21:48 - Help Net Security - About the author: Craig Smith runs Theia Labs, a research firm that focuses on security auditing and building hardware and software prototypes. He is also a founder of the Hive13 hackerspace and OpenGarages. He has worked for several auto manufacturers, where he provided public research on vehicle security and tools. Inside The Car Hacker's Handbook: Car hacking and the insecurity of modern, computerized, connected cars has been a topic of much interest in the last ... More </description><link>http://www.secuobs.com/revue/news/604726.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604726.shtml</guid></item>
<item><title>Poynting presents the new OMNI-291 antenna, designed for marine, coastal and wet environments</title><description>Secuobs.com : 2016-04-26 16:16:12 - MHz Blog - This omni differs from other antennas in its class in that it covers practically all LTE bands used worldwide. At a low degree of radiation, it offers higher gain, with a marked improvement in link stability and reliability. The antenna is IP67 waterproof, UV-resistant and resistant to salt corrosion, which ensures ... </description><link>http://www.secuobs.com/revue/news/604725.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604725.shtml</guid></item>
<item><title>Flexera Software: French PC users are getting better at applying software patches, but major challenges remain</title><description>Secuobs.com : 2016-04-26 16:03:09 - Global Security Mag Online - Flexera Software, a provider of next-generation solutions for software licensing, compliance, security and installation for software vendors and enterprises, announces the publication of 14 national cybersecurity reports, including one for France, for the first quarter of 2016. These reports, written by Flexera Software's Secunia Research team, provide an overview of the vulnerable software installed on private computers in selected countries. These ... - Investigations </description><link>http://www.secuobs.com/revue/news/604724.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604724.shtml</guid></item>
<item><title>Riverbed launches cloud-based SD-WAN</title><description>Secuobs.com : 2016-04-26 16:03:09 - Global Security Mag Online - Riverbed Technology is launching Riverbed SteelConnect, an application-centric SD-WAN (Software-Defined Wide Area Network) solution that addresses enterprise challenges by providing solutions that meet application performance and agility needs. SteelConnect unifies network connectivity and the orchestration of application deployment across hybrid WANs, remote LANs and cloud networks such as Amazon Web Services ... - Products </description><link>http://www.secuobs.com/revue/news/604723.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604723.shtml</guid></item>
<item><title>INAI urges Mexican Senate to pass legislation to help protect personal information</title><description>Secuobs.com : 2016-04-26 15:41:57 - Office of Inadequate Security - In the wake of the massive voter data leak affecting 87 million Mexican voters, INAI has urged the Senate to pass secondary </description><link>http://www.secuobs.com/revue/news/604722.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604722.shtml</guid></item>
<item><title>Former PwC employees on trial in Lux Leaks breach and scandal</title><description>Secuobs.com : 2016-04-26 15:41:57 - Office of Inadequate Security - There's a new development in an insider breach that created shock waves internationally. As I had noted back in 2014, a </description><link>http://www.secuobs.com/revue/news/604721.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604721.shtml</guid></item>
<item><title>James Clapper: Snowden sped up sophistication of crypto, "it's not a good thing"</title><description>Secuobs.com : 2016-04-26 15:27:40 - LinuxSecurity.com Latest News - LinuxSecurity.com: Director of National Intelligence James Clapper said Monday that the Snowden revelations have sped up the sophistication of encryption by "about seven years," according to the Christian Science Monitor. </description><link>http://www.secuobs.com/revue/news/604720.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604720.shtml</guid></item>
<item><title>94 Percent of IT Pros See Free Wi-Fi Hotspots as a Significant Security Threat</title><description>Secuobs.com : 2016-04-26 15:27:40 - LinuxSecurity.com Latest News - LinuxSecurity.com: A recent survey of 500 CIOs and IT decision makers in the US, UK, Germany and France found that fully 94 percent of respondents see free Wi-Fi hotspots as a significant mobile security threat to their organizations. </description><link>http://www.secuobs.com/revue/news/604719.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604719.shtml</guid></item>
<item><title>Fujitsu wins multiple honors: VMware presents it with several "Partner Innovation Awards" at the Partner Leadership Summit</title><description>Secuobs.com : 2016-04-26 15:25:51 - Global Security Mag Online - Fujitsu has just received the global "Partner Innovation Award" in the Strategic Partner of the Year category. The award was presented by VMware at the Partner Leadership Summit. In the same category, Fujitsu also received two other "Partner Innovation Awards": APJ Partner and EMEA Partner. Fujitsu Oceania also received the APJ Partner "Partner Innovation Award" in the Service Provider Partner category. These awards ... - Business </description><link>http://www.secuobs.com/revue/news/604718.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604718.shtml</guid></item>
<item><title>City Installs Traffic Lights In Sidewalks For Smartphone Users</title><description>Secuobs.com : 2016-04-26 15:14:53 - Slashdot Your Rights Online - tlhIngan writes: It's finally happened -- the smartphone zombies are here. The German city of Augsburg installed traffic lights in the sidewalks so smartphone users don't have to look up. Apparently people are so addicted to their smartphones they can't be bothered to look up at traffic signals, so embedding them in the ground they don't have to. According to the Washington Post report, the city spokeswoman Stephanie Lermen thinks the money used to install the lights is well spent. A recent survey conducted in several European cities including Berlin, found that almost 20 percent of pedestrians were distracted by their smartphones. Of course, younger people are at higher risk as they're willing to risk their safety to look at their Facebook profiles or WhatsApp messages, the survey found. The problem may be even worse in the US: A survey by the University of Washington found that 1 in 3 Americans is busy texting or working on a smartphone at dangerous road crossings. City officials say installing the traffic lights is justified: The idea to install such traffic lights came after a 15-year-old girl was killed by a tram. According to police reports, she was distracted by her smartphone as she crossed the tracks. </description><link>http://www.secuobs.com/revue/news/604717.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604717.shtml</guid></item>
<item><title>MongoDB configuration error exposed 93 million Mexican voter records</title><description>Secuobs.com : 2016-04-26 14:50:39 - LinuxSecurity.com Latest News - LinuxSecurity.com: A 132 GB database, containing the personal information on 934 million Mexican voters has finally been taken offline. The database sat exposed to the public for at least eight days after its discovery by researcher Chris Vickery, but originally went public in September 2015. </description><link>http://www.secuobs.com/revue/news/604716.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604716.shtml</guid></item>
<item><title>Zscaler Private Access: securing remote access by removing the risks inherent in virtual private networks</title><description>Secuobs.com : 2016-04-26 14:48:54 - Global Security Mag Online - Zscaler, an internet security specialist, announces Zscaler Private Access, a new service that lets enterprises grant access to their internal applications and services without compromising the security of their network. In an increasingly mobile and constantly changing business environment, enterprises must be able to grant access to their internal data and applications from anywhere. Traditionally, ... - Products </description><link>http://www.secuobs.com/revue/news/604715.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604715.shtml</guid></item>
<item><title>Presidential campaign apps expose personal data, report says</title><description>Secuobs.com : 2016-04-26 13:57:00 - Office of Inadequate Security - First it was their web sites failing to protect privacy, and now it's their apps. Cory Bennett reports: Over half of </description><link>http://www.secuobs.com/revue/news/604714.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604714.shtml</guid></item>
<item><title>SWIFT warns customers of multiple cyber fraud cases, issues software security update</title><description>Secuobs.com : 2016-04-26 13:57:00 - Office of Inadequate Security - Jim Finkle reports: SWIFT, the global financial network that banks use to transfer billions of dollars every day, warned its </description><link>http://www.secuobs.com/revue/news/604713.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604713.shtml</guid></item>
<item><title>Retrotechtacular: MONIAC</title><description>Secuobs.com : 2016-04-26 13:23:21 - Hackaday - There is an argument to be made that whichever hue of political buffoons ends up in Number 10 Downing Street, the White House, the Élysée Palace, or wherever the President, Prime Minister or despot lives in your country, eventually they will send the economy down the drain. Fortunately, there is a machine for that. MONIAC is an analogue computer with water as its medium, designed to simulate a national economy for students. Invented in 1949 by the New Zealand economist William Phillips, it is a large wooden board with a series of tanks interconnected by pipes and valves. Different sections ... read more </description><link>http://www.secuobs.com/revue/news/604712.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604712.shtml</guid></item>
<item><title>Facebook vulnerability allowed access to personal and payment information</title><description>Secuobs.com : 2016-04-26 13:21:36 - Help Net Security - Bitdefender has discovered a significant vulnerability within Facebook which allowed access to any user account through simple social login manipulation. The attacker was able to gain access to personal user information, a contacts list for potential malware distribution and payment information, allowing purchases to be made in the user's name. Attack vector: The attack vector in this case, social logins, are an alternative to traditional authentication. This form of access offers users ... More </description><link>http://www.secuobs.com/revue/news/604711.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604711.shtml</guid></item>
<item><title>QNAP announces the release of QTS 421</title><description>Secuobs.com : 2016-04-26 13:00:30 - Global Security Mag Online - QNAP Systems, Inc. has announced the release of QTS 421, the intelligent operating system for NAS, with even more new features and improved applications that let users do more for data management and business applications. Its new features and software improvements deliver an even smoother and better-designed data management experience while strengthening the security of cloud services. Network and virtual switch ... - Products </description><link>http://www.secuobs.com/revue/news/604710.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604710.shtml</guid></item>
<item><title>Royal Raid</title><description>Secuobs.com : 2016-04-26 12:56:17 - 411 spyware - Royal Raid is a typically worthless application that follows the footsteps of its identical predecessors, including Wander Burst, Blazer Deals, Gravity Space, and Jungle Net. All of these ad-supported programs were built on the notorious Injekt engine. This adware has only one real function and that is to show annoying third-party ads on your screen ... </description><link>http://www.secuobs.com/revue/news/604709.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604709.shtml</guid></item>
<item><title>mysafenewpagescom</title><description>Secuobs.com : 2016-04-26 12:56:17 - 411 spyware - If you have experienced sudden changes within your web browser's default settings, make sure to check your operating system for a browser hijacker, since usually programs of this category are responsible for such alterations. A hijacker that is known to be rather active these days is called mysafenewpagescom and might be the reason these modifications ... </description><link>http://www.secuobs.com/revue/news/604708.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604708.shtml</guid></item>
<item><title>Searchincognitocom</title><description>Secuobs.com : 2016-04-26 12:56:17 - 411 spyware - When you find Searchincognitocom in your browsers, you should ask yourself this question: Do I want to risk my virtual security? As a matter of fact, we have classified this infection as a browser hijacker since it has the ability to change certain browser settings. We do not claim that this happens without your knowledge ... </description><link>http://www.secuobs.com/revue/news/604707.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604707.shtml</guid></item>
<item><title>BabyBrowse</title><description>Secuobs.com : 2016-04-26 12:56:17 - 411 spyware - If you see annoying parenting-related advertisements popping up on your desktop, then your computer probably got infected with BabyBrowse. We have analyzed this program and recommend that you remove it from your PC as soon as possible. We have concluded that this program is malicious due to its distribution methods and the content that it ... </description><link>http://www.secuobs.com/revue/news/604706.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604706.shtml</guid></item>
<item><title>Presidential primary election apps may expose sensitive data</title><description>Secuobs.com : 2016-04-26 12:40:15 - Help Net Security - Did you know that there are over 1,200 Android apps, both official and unofficial, that help voters keep track of the happenings in the US presidential primary? Better yet, did you know that over 50 percent of them can expose sensitive user data? We're talking about account details, location, list of installed apps, device info, unique IMSI number, settings, your phone number, collected by the apps and sent to remote servers, often over unsecured ... More </description><link>http://www.secuobs.com/revue/news/604705.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604705.shtml</guid></item>
<item><title>A survey by cybersecurity firm F-Secure has uncovered thousands of serious vulnerabilities that cybercriminals could potentially use to infiltrate the infrastru</title><description>Secuobs.com : 2016-04-26 12:22:52 - Global Security Mag Online - A survey carried out in early 2016 by cybersecurity firm F-Secure reveals the presence of thousands of critical flaws on enterprise networks. The danger: these can be used by cybercriminals. F-Secure Radar, a comprehensive vulnerability management and scanning tool, enabled this survey to reveal significant shortcomings: tens of thousands of misconfigured systems, unpatched software and a plethora of other flaws. Yet more evidence that enterprises ... - Investigations </description><link>http://www.secuobs.com/revue/news/604704.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604704.shtml</guid></item>
<item><title>Striking the right balance between dedicated and cloud infrastructure: the digital distribution dilemma</title><description>Secuobs.com : 2016-04-26 12:22:52 - Global Security Mag Online - The rise of Over-The-Top (OTT) services for video, multi-screen viewing and television on every medium has marked a turning point in television and video production and distribution. To capitalize on the new opportunities this market offers, content owners, producers, broadcasters and the service providers they work with are looking for new ways to create, store, manage and distribute digital television and video content ... - Opinions </description><link>http://www.secuobs.com/revue/news/604703.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604703.shtml</guid></item>
<item><title>Tesla Will Install More Energy Storage With SolarCity In 2016 Than The US Installed In 2015</title><description>Secuobs.com : 2016-04-26 12:12:24 - Slashdot Your Rights Online - An anonymous reader writes: Tesla is scheduled to install more energy storage capacity in 2016 with SolarCity alone than all of the US installed in 2015. It was revealed in a recent filing with the US Securities and Exchange Commission (SEC) that Tesla foresees an almost 10x increase in sales to SolarCity for behind the meter storage. From the SEC filing: "We recognized approximately 49 million in revenue from SolarCity during fiscal year 2015 for sales of energy storage governed by this master supply agreement, and anticipate recognizing approximately 440 million in such revenues during fiscal year 2016." This revenue projection means Tesla expects to install approximately 116 MWh of behind the meter storage. The US for example installed about 76 MWh of behind the meter storage. SolarCity and Tesla Energy doubled their battery installation volume last year. What's particularly noteworthy is that the 116 MWh expectation does not include SolarCity's biggest project -- Kauai Island's coming 52 MWh system. Hawaii is aiming for 100% renewable energy by 2045 and has contracted with SolarCity to balance the two 12MW Solar Power plants with the Kauai Island Utility Cooperative (KIUC). By 2020, there will be 70 GWh of Tesla battery storage on the road, and Straubel expects there to be 10 GWh of controllable load in those cars. </description><link>http://www.secuobs.com/revue/news/604702.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604702.shtml</guid></item>
<item><title>June 3 - Fleurance - Cybersecurity and Territories</title><description>Secuobs.com : 2016-04-26 11:45:02 - Global Security Mag Online - On June 3 in Fleurance, the second edition of the "Cybersecurity and Territories" day will take place, championed by the senator-mayor of Fleurance, Raymond VALL. A meeting point for digital security players and local economic players, the day aims to raise cybersecurity awareness among all stakeholders in the territories, and to tie the cybersecurity dimension to the twofold local dynamic led by Raymond VALL, who is also President of the Pays Portes de Gascogne, around ... - Events </description><link>http://www.secuobs.com/revue/news/604701.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604701.shtml</guid></item>
<item><title>Cyber-insurance: Only 40% of French companies are covered against security breaches and data loss</title><description>Secuobs.com : 2016-04-26 11:45:02 - Global Security Mag Online - Most companies worldwide agree that insurance against data breaches is vital. Yet in France, only 40% of companies are fully covered against security breaches and data loss. Likewise, only a little over a third of French companies have taken out a dedicated cyber-insurance policy. This is the finding of the Risk Value 2016 report published by NTT Com Security, a global specialist in risk management and ... - Investigations </description><link>http://www.secuobs.com/revue/news/604700.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604700.shtml</guid></item>
<item><title>UFED 50 Drastically Decreases Your Time to Evidence</title><description>Secuobs.com : 2016-04-26 11:44:51 - Forensic Focus - Sifting through data is a very time consuming process - the average US smartphone user takes up 108GB of storage capacity on their device, and taking into account different data recovery options in UFED Physical Analyzer, this process may take up to several hours to complete. UFED 50 came out with major time-savers that drastically decrease your investigation time, and let you focus on the data that is most crucial to your investigation. Version 50 brings five crucial industry-first features, and support for 19,203 device profiles and 1,528 app versions. Release Highlights: Unify multiple extractions; Original file source validation; Common Image Filter; Extract Data from Blocked Apps; Temporary root (ADB) solution for Selected Android Devices; Support for newly released Devices </description><link>http://www.secuobs.com/revue/news/604699.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604699.shtml</guid></item>
<item><title>ESIEA students create "CheckMyHTTPS": software that verifies your secure web connections are not being intercepted</title><description>Secuobs.com : 2016-04-26 11:06:23 - Global Security Mag Online - ESIEA, an engineering school for the digital world, is making available to the public a piece of software that checks the security of encrypted connections. Free to download, it is already creating a buzz among experts because it raises the alarm on a sensitive subject. Https: these few familiar characters, accompanied by a padlock, certify that a site is secure and that transactions can be carried out there with complete confidence, with no risk of malicious interception. As a reminder, 700 million transactions were carried out in ... - Products </description><link>http://www.secuobs.com/revue/news/604698.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604698.shtml</guid></item>
<item><title>Shopware update fixes RCE bug that affects both shop and target system</title><description>Secuobs.com : 2016-04-26 10:46:20 - Help Net Security - Shopware, an open-source e-commerce software chosen by a number of big European companies to power their online shops, has recently pushed out a critical security update. The update fixes a remote code execution bug that could allow attackers to read files on the target system, create new ones with malicious content, and run arbitrary code on the target system. "This is a critical security vulnerability that not only affects the functions of the shop, but ... More </description><link>http://www.secuobs.com/revue/news/604697.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604697.shtml</guid></item>
<item><title>Pirates Switch From Torrents to Streaming and Download Sites</title><description>Secuobs.com : 2016-04-26 10:45:45 - TorrentFreak - A new report from piracy tracking firm MUSO reveals that the piracy landscape continues to evolve. Pirate sites received a staggering 140 billion visits last year, but there's a clear shift from torrents to direct download and streaming sites. Interestingly, traffic to private trackers remains relatively stable. </description><link>http://www.secuobs.com/revue/news/604696.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604696.shtml</guid></item>
<item><title>Alcatel-Lucent Enterprise (ALE) OmniSwitch products gain security features to counter modern cyberattacks</title><description>Secuobs.com : 2016-04-26 10:28:04 - Global Security Mag Online - With nearly one million malware threats experienced worldwide every day, it is vital for organizations to deploy a proactive network security and defense strategy that can protect the multiple layers of the network. Keen to give enterprises stronger security capabilities, ALE today announces that it has added an extra level of protection against the growing waves of attacks. ALE has improved the already proven security of its ... - Products </description><link>http://www.secuobs.com/revue/news/604695.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604695.shtml</guid></item>
<item><title>France ranks 5th worldwide for policies supporting the growth of cloud computing, according to the new study by BSA | The Software Alliance</title><description>Secuobs.com : 2016-04-26 10:28:04 - Global Security Mag Online - In a new in-depth study by BSA | The Software Alliance of the policies and regulations applicable to cloud computing worldwide, France ranks 5th among the 24 leading global IT markets. It moves up one place compared with the first edition of the study published in 2013, following certain legislative and regulatory reforms that favored the growth of cloud computing in France. France must play a leading role at EU level. BSA ... - Investigations </description><link>http://www.secuobs.com/revue/news/604694.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604694.shtml</guid></item>
<item><title>DIY Thermal Imaging Smartphone</title><description>Secuobs.com : 2016-04-26 10:10:52 - Hackaday - We wish we had Karri Palovuori for a professor! As an exciting project to get incoming freshmen stoked on electrical engineering, he designed a DIY thermal-imaging smartphone that they can build themselves. It's all built to fit into a sleek wooden case that gives the project its name: KAPULA is Finnish for "a block of wood". It's just incredible how far one can push easily-available modules these days. Karri mounts a FLIR Lepton thermal camera, an LPC1768 Cortex M3 ARM micro, a GSM phone module, and a whole bunch of other cool stuff on a DIY-friendly two-sided board. The design ...</description><link>http://www.secuobs.com/revue/news/604693.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604693.shtml</guid></item>
<item><title>The economics of hacking: Change your thinking</title><description>Secuobs.com : 2016-04-26 09:32:42 - Help Net Security - If you saw the film Wall Street, you undoubtedly recall the iconic character Gordon Gekko famously stating, "what's worth doing is worth doing for money." This perspective is increasingly making its way into the philosophy and mindset of the modern cyber-security attacker (or "hacker," if you prefer). There are numerous recent examples, perhaps none more attention-grabbing than the trend toward ransomware attacks against healthcare providers, including hospitals. A variety of conditions are coming together to ...</description><link>http://www.secuobs.com/revue/news/604692.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604692.shtml</guid></item>
<item><title>First pass at BSIMM questions for teams</title><description>Secuobs.com : 2016-04-26 09:31:12 - Dinis Cruz Blog - Here (also embedded below) is a mapping of several BSIMM activities and translating them into a questionnaire that can be easily filled in by developers, technical architects, business owners and security champions (called satellites in BSIMM). Note that not all activities are there. Some only made sense for SSG (Software Security Group) to answer, and I already knew the answer for others. This is still a work in progress, and I'm not happy with the wording of some of the questions. But it is good enough to give a try and get feedback. The objective is to create metrics about multiple development teams, so that a set of targets can be set (and an action plan created).</description><link>http://www.secuobs.com/revue/news/604691.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604691.shtml</guid></item>
<item><title>Lyon, April 28 and 29 - The 2nd edition of the Forum TAC, Technology Against Crime</title><description>Secuobs.com : 2016-04-26 09:14:37 - Global Security Mag Online - The Forum TAC connects the needs of public and private contracting authorities with the solutions offered by companies, creating a high-level dialogue focused on performance and innovation in security. An event with a unique format that combines business meetings, an Innovation Forum, demonstrations, a networking area, practical cases and high-level talks. Some speakers and sessions: Thursday April 28, 5 pm, Amphithéâtre Pasteur - ... - Events</description><link>http://www.secuobs.com/revue/news/604690.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604690.shtml</guid></item>
<item><title>Who's next? Shift focus and detect network attackers</title><description>Secuobs.com : 2016-04-26 08:56:04 - Help Net Security - Who will be the victim of the next major breach? Nearly all enterprises and organizations are sitting ducks for a targeted network attack. Maybe it's time to take some significant steps and be able to proclaim: "We won't get breached again." Preventative security cannot prevent a network intruder from penetrating a network 100 percent of the time. The best pen testers even guarantee that they can get into a network within two days. Prevention is still ...</description><link>http://www.secuobs.com/revue/news/604689.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604689.shtml</guid></item>
<item><title>Worldwide IoT security spending on the rise</title><description>Secuobs.com : 2016-04-26 08:20:05 - Help Net Security - Worldwide spending on Internet of Things security will reach $348 million in 2016, a 23.7 percent increase from 2015 spending of $281.5 million, according to Gartner. Furthermore, spending on IoT security is expected to reach $547 million in 2018. It's encouraging to see the investment in security spend for IoT increase, it will however not be enough based upon Gartner forecasts. Our reliance on such devices will extend to well beyond consumer IoT, and such ...</description><link>http://www.secuobs.com/revue/news/604688.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604688.shtml</guid></item>
<item><title>A Green Powered Sailboat</title><description>Secuobs.com : 2016-04-26 07:18:48 - Hackaday - Drones fill the sky raining hellfire on unsuspecting civilians below. Self-driving cars only cause half as many accidents as carbon-based drivers. Autonomous vehicles are the future, no matter how bleak that future is. One thing we haven't seen much of is autonomous marine vehicles, be they submarines, hovercrafts, or sailboats. That's exactly what silvioBi is building for his entry into the Hackaday Prize: a sailboat that will ply the waters of Italy's largest lake. Every boat needs a hull, but this project will need much more, from electronics to solar panels to sensors. Luckily for silvio, choosing a hull is ...</description><link>http://www.secuobs.com/revue/news/604687.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604687.shtml</guid></item>
<item><title>Deploying SAST - Static Application Security Testing</title><description>Secuobs.com : 2016-04-26 07:17:37 - Security Bloggers Network - If you read my previous post Selecting SAST you will have undergone the extensive process of selecting a very valuable asset in the quest to secure your software. You have probably also discovered by now that there is a learning ... The post Deploying SAST - Static Application Security Testing appeared first on AsTech Consulting.</description><link>http://www.secuobs.com/revue/news/604686.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604686.shtml</guid></item>
<item><title>4 Key Steps to Securing Your Endpoints</title><description>Secuobs.com : 2016-04-26 07:17:37 - Security Bloggers Network - As I discussed in last week's post, smartphones, tablets, desktops, industrial equipment, servers and other technologies that connect to a corporate network are considered endpoints. Unfortunately, bad actors can abuse those devices and their network access to attack an organization. That is why IT staff need to protect as many of their company's endpoints as ... The post 4 Key Steps to Securing Your Endpoints appeared first on The State of Security.</description><link>http://www.secuobs.com/revue/news/604685.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604685.shtml</guid></item>
<item><title>Broadcast Not Immune to Breaches</title><description>Secuobs.com : 2016-04-26 07:17:37 - Security Bloggers Network - Broadcast technologies were originally isolated islands. In today's world, they are now interconnected. Let's examine why this trend exists and why increased risk is associated with it. We will look at three points of view: the broadcaster's, the consumer's, and the hacker's. From a broadcaster's point of view, connectivity is advantageous towards creating and delivering ... The post Broadcast Not Immune to Breaches appeared first on The State of Security.</description><link>http://www.secuobs.com/revue/news/604684.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604684.shtml</guid></item>
<item><title>How To Bolster Banking Technology Infrastructure and Address Cyber Risks</title><description>Secuobs.com : 2016-04-26 07:17:37 - Security Bloggers Network - Technology infrastructure (TI) at banks involves a dizzying array of things - from employee laptops and desktops, software applications, and hosting networks to networking and cabling linking offices around the world, Internet of Things (IoT) devices, sophisticated enterprise tools, data centers, and so on. Just as a country needs its critical infrastructure for economic growth, TI ... The post How To Bolster Banking Technology Infrastructure and Address Cyber Risks appeared first on The State of Security.</description><link>http://www.secuobs.com/revue/news/604683.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604683.shtml</guid></item>
<item><title>USB Soldering Iron is Surprisingly Capable</title><description>Secuobs.com : 2016-04-26 04:06:40 - Hackaday - We know what you're thinking. There's no way an 8 watt USB-powered soldering iron could be worth the $5 it commands on eBay. That's what BigClive thought too, so he bought one, put the iron through a test and teardown, and changed his mind. Can he convince you too? Right up front, BigClive finds that the iron is probably not suitable for some jobs. Aside from its obvious unsuitability for connections that take a lot of heat, there's the problem of leakage current when used with a wall-wart USB power supply. The business end of the iron ends up getting enough ...</description><link>http://www.secuobs.com/revue/news/604682.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604682.shtml</guid></item>
<item><title>Pirate Bay's Image Hosting Site 'Bayimg' Returns, For a Bit</title><description>Secuobs.com : 2016-04-26 04:04:32 - TorrentFreak - After one-and-a-half years of downtime, Pirate Bay's image hosting service Bayimg has suddenly reappeared. The site was pulled offline after a TPB server was compromised in 2014, but now it's back. However, according to the TPB team the site's revival will only be short-lived.</description><link>http://www.secuobs.com/revue/news/604681.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604681.shtml</guid></item>
<item><title>Symantec: Cruz and Kasich Campaign Apps May Expose Sensitive Data</title><description>Secuobs.com : 2016-04-26 03:09:59 - Slashdot  Your Rights Online - An anonymous reader writes: Apps released by the campaigns of Republican presidential contenders Ted Cruz and John Kasich have the potential for hackers to access users' personal information. According to an independent analysis by Symantec, the "Cruz Crew" app could allow third parties to capture a phone's unique identifying number and other personal information while the Kasich 2016 app could expose users' location data and information about other apps installed on the phones. First it was Veracode that reported potential vulnerabilities with the apps, now it's Symantec. Apparently the Cruz campaign updated its app to resolve the issues after the Veracode report was released. Kasich spokesman Rob Nichols said the security experts didn't know what they were talking about. Both campaigns have yet to respond to the latest Symantec analysis. Neither security firm found any issues in the app released by the campaign of Democrat Bernie Sanders. Republican Donald Trump and Democrat Hillary Clinton do not have campaign apps.</description><link>http://www.secuobs.com/revue/news/604680.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604680.shtml</guid></item>
<item><title>Application Security Vulnerabilities Over Time - The Uphill Battle</title><description>Secuobs.com : 2016-04-26 03:01:44 - Security Bloggers Network - In a few of my previous blog posts, I have published some statistics regarding application vulnerability types found, related secure code remediation, and trends related to those vulnerabilities based on data that we have captured over the years from our ... The post Application Security Vulnerabilities Over Time - The Uphill Battle appeared first on AsTech Consulting.</description><link>http://www.secuobs.com/revue/news/604679.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604679.shtml</guid></item>
<item><title>Defining Threat Intelligence</title><description>Secuobs.com : 2016-04-26 03:01:44 - Security Bloggers Network - In my younger days, I'd enjoy reading many books. I went through a phase where I really enjoyed Stephen King stories. One of my favourites being "Christine", the story of a car that was possessed by a demon or something. I'd often come across new words that I didn't understand. And being before the days ...</description><link>http://www.secuobs.com/revue/news/604678.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604678.shtml</guid></item>
<item><title>Ransomware in your inbox: the rise of malicious JavaScript attachments</title><description>Secuobs.com : 2016-04-26 03:01:44 - Security Bloggers Network - As well as avoiding booby-trapped Word attachments, you need to keep your eye out for suspicious JavaScript in emails, too.</description><link>http://www.secuobs.com/revue/news/604677.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604677.shtml</guid></item>
<item><title>New 'Tunneling' State of Water Molecules Discovered by Scientists</title><description>Secuobs.com : 2016-04-26 02:08:07 - Slashdot  Your Rights Online - MikeChino quotes a report from Inhabitat: Scientists just discovered a new state of water molecules that displays some pretty unexpected characteristics. This discovery, made by researchers at the US Department of Energy's Oak Ridge National Laboratory (ORNL), reveals that water molecules "tunnel" in ultra-small hexagonal channels (measuring only 5 angstrom across) of the mineral beryl. Basically, this means the molecules spread out when they are trapped in confined spaces, taking a new shape entirely. The ORNL used neutron scattering and computational modeling to reveal the "tunneling" state of water that breaks the rules of known fundamentals seen in gas, liquid, or solid state. The researchers said the discovery describes the behavior of water molecules present in tightly confined areas such as cell walls, soils, and rocks. The study was published in Physical Review Letters on April 22.</description><link>http://www.secuobs.com/revue/news/604676.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604676.shtml</guid></item>
<item><title>HPR2017: Here are my thoughts on a 3D printer Kit</title><description>Secuobs.com : 2016-04-26 02:00:29 - Hacker Public Radio - I purchased a 3D printer kit from AliExpress: http://www.aliexpress.com/item/Free-shipping-High-Quality-Precision-Reprap-Prusa-i3-DIY-3d-Printer-kit-with-2-Roll-Filament/32424257787.html Here are some after thoughts on how I liked it, a little overview of 3D printers and why I bought this one. Pictures of the printer as assembled, and a few items I printed: http://www.travestylabs.com/3Dprinter/ I hope to make this into a series about software, tips and modifications, and other thoughts I have to share about it. Links: http://www.aliexpress.com/item/Free-shipping-High-Quality-Precision-Reprap-Prusa-i3-DIY-3d-Printer-kit-with-2-Roll-Filament/32424257787.html http://www.travestylabs.com/3Dprinter/</description><link>http://www.secuobs.com/revue/news/604675.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604675.shtml</guid></item>
<item><title>Lawsuit claims workers comp insurers hacked into injured workers' files</title><description>Secuobs.com : 2016-04-26 01:57:45 - Office of Inadequate Security - Donna Mahoney reports: A California worker claims in a federal lawsuit that three of the largest workers compensation </description><link>http://www.secuobs.com/revue/news/604674.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604674.shtml</guid></item>
<item><title>Workshops For Timid Solderers</title><description>Secuobs.com : 2016-04-26 01:25:57 - Hackaday - As a hackspace member, it's easy to fall into the belief that your own everyday skills are universal. Soldering for example. You've handled an iron since you were a youngster, the solder bends to your will as a matter of course, and since you see your fellow makers doing the same thing you might imagine that it's a universal hackspace skill. Everyone can do it, can't they? Of course, they can't. If you weren't lucky enough to have a parent who tolerated your occasional propensity for acquiring burns on your fingers then you probably won't have that innate experience with ...</description><link>http://www.secuobs.com/revue/news/604673.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604673.shtml</guid></item>
<item><title>Your Pay Is About To Go Up</title><description>Secuobs.com : 2016-04-26 00:58:29 - Slashdot  Your Rights Online - The Department of Labor's overtime rule is expected to be updated some time later this summer, and when it does, you will soon be entitled to overtime pay if you make less than $50,000 per year. According to Gawker, "It now appears that even if you are a salaried employee or some sort of 'manager,' you will still be entitled to time-and-a-half pay for working more than 40 hours per week, as long as your total salary falls under the threshold." How did they come to this conclusion? Gawker points out that the Department of Labor promotes a Wall Street Journal story which says that "The threshold would be increased to $970, or $50,440 annually. That level is about the 40th percentile of weekly earnings for salaried workers." Hamilton Nolan writes, "This rule has been a matter of political contention for years. But now that it is actually approaching, its import is becoming clear: overtime pay, which has long been isolated to a minority of workers, is about to be extended to almost the entire middle class."</description><link>http://www.secuobs.com/revue/news/604672.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604672.shtml</guid></item>
<item><title>Dogspectus ransomware targets Android devices in the quest for Apple iTunes gift cards</title><description>Secuobs.com : 2016-04-26 00:50:02 - Security Bloggers Network - Leaked exploits which once belonged to Hacking Team have been discovered in exploit kits which deliver malware to Android users.</description><link>http://www.secuobs.com/revue/news/604671.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604671.shtml</guid></item>
<item><title>Fraudster Phishing Users with Malicious Mobile Apps</title><description>Secuobs.com : 2016-04-26 00:50:02 - Security Bloggers Network - Since the beginning of 2016, PhishLabs has observed a number of malicious mobile applications targeting users of popular payment card companies and online payment sites. These attacks combine traditional, browser-based phishing attacks with the mobile platform in order to create convincing mobile applications. These applications claim to afford the user access to their accounts directly from their mobile device; however, their only functionality is the capability to collect credentials and personal information and deliver that stolen information to the attacker. Our research has indicated that these malicious applications have been created by the same actor or group of actors.</description><link>http://www.secuobs.com/revue/news/604670.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604670.shtml</guid></item>
<item><title>Continuing the Conversation: Information Security Professionals in Higher Education</title><description>Secuobs.com : 2016-04-26 00:50:02 - Security Bloggers Network - By Joanna Grama, Director of Cybersecurity and IT GRC Programs, EDUCAUSE. When information security professionals get together, there is no shortage of conversation. From sharing points-of-view on the latest hot topic to swapping technology implementation tips, information security professionals are determined to learn from one another to advance the profession. This shared commitment to improving information security was on full display during the Peer2Peer Session Advancing Information Security Strategies in Higher Education at the 2016 RSA Conference. The session was filled to capacity and </description><link>http://www.secuobs.com/revue/news/604669.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604669.shtml</guid></item>
<item><title>Man arrested after tweeting bomb threat to Donald Trump</title><description>Secuobs.com : 2016-04-26 00:50:02 - Security Bloggers Network - The "professional dumbass" allegedly tweeted "Is someone going to bomb the Trump rally or am I going to have to?"</description><link>http://www.secuobs.com/revue/news/604668.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604668.shtml</guid></item>
<item><title>EFF Analyzes Secure Messaging</title><description>Secuobs.com : 2016-04-26 00:50:02 - Security Bloggers Network - The Electronic Frontier Foundation has published an interesting look at secure messaging, as it exists today, including a super-handy scorecard. Yay!</description><link>http://www.secuobs.com/revue/news/604667.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604667.shtml</guid></item>
<item><title>Graffiti by Drone</title><description>Secuobs.com : 2016-04-26 00:50:02 - Security Bloggers Network - Drones can graffiti walls that no person can reach. Note that wired.com blocks ad blockers. My trick is to copy the page and then paste it into my text editor.</description><link>http://www.secuobs.com/revue/news/604666.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604666.shtml</guid></item>
<item><title>Multiplatform Microsoft sees new areas of growth, with bumps along the way</title><description>Secuobs.com : 2016-04-26 00:50:02 - Security Bloggers Network - Microsoft-as-a-Service is promising, but company finds old habits are expensive to break. Under Steve Ballmer, Microsoft had two sacred cows: Windows and Office. Now that refrain has changed: Mobile first. Cloud first. Even if that means it's not on Windows first.</description><link>http://www.secuobs.com/revue/news/604665.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604665.shtml</guid></item>
<item><title>Security Will be the Winner in the Cloud Wars</title><description>Secuobs.com : 2016-04-26 00:50:02 - Security Bloggers Network - Clouds tout their rapid elasticity, infinite scalability and commodity pricing when wooing developers and operations engineers. While these are some of the sexier features of today's cloud infrastructure providers, they are not the ultimate differentiator that will win the hearts and minds of the desirable CIOs running the Fortune 5000 enterprises. What magic trait will cloud providers rely on to earn the hearts of these power players? Security - the elusive and forever-moving target for many organizations.</description><link>http://www.secuobs.com/revue/news/604664.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604664.shtml</guid></item>
<item><title>3 things every employee needs to know about online security</title><description>Secuobs.com : 2016-04-26 00:50:02 - Security Bloggers Network - Companies of all sizes in multiple sectors lose sensitive information, millions of dollars, and their good reputation every year to cyberattacks. Human error accounts for an estimated 95 percent of security incidents. Bein </description><link>http://www.secuobs.com/revue/news/604663.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604663.shtml</guid></item>
<item><title>A call to raise awareness and adoption of vulnerability disclosure and handling best practices</title><description>Secuobs.com : 2016-04-26 00:50:02 - Security Bloggers Network - Over the past few years, technology companies have increasingly moved toward partnering with security researchers to better protect their products, services, and customers. Recognizing that vulnerability research is a valuable part of securing the online environment, they have matured programs to work together with researchers in receiving, triaging, and responding to reports. Microsoft's focus on coordinating with researchers has developed over time. As we launched our first BlueHat Briefing in ...</description><link>http://www.secuobs.com/revue/news/604662.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604662.shtml</guid></item>
<item><title>Billion dollar Bangladesh hack: SWIFT software hacked, no firewalls, $10 switches</title><description>Secuobs.com : 2016-04-26 00:49:13 - Risk Assessment   Ars Technica - The Bangladesh Bank's internal network security was sorely lacking.</description><link>http://www.secuobs.com/revue/news/604661.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604661.shtml</guid></item>
<item><title>Software Audits: How High-Tech Software Vendors Play Hardball</title><description>Secuobs.com : 2016-04-26 00:23:47 - Slashdot  Your Rights Online - snydeq writes: InfoWorld's Dan Tynan offers an inside look at how high-tech software vendors such as Adobe, Oracle, and IBM play hardball over software licensing, pushing customers to "true up" to the tune of billions of dollars per year -- and using the threat of audits as a sales tool to close lucrative deals. "When it comes to software audits, the code of omerta prevails," Tynan writes. "It's not a question of whether your organizations' software licenses will get audited. It's only a question of when, how often, and how painful the audits will be. The shakedown is such a sure thing that nearly every customer we contacted asked us to keep their names out of this story, lest it make their employers a target for future audits."</description><link>http://www.secuobs.com/revue/news/604660.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604660.shtml</guid></item>
<item><title>Businesses pay $100,000 to DDoS extortionists who never DDoS anyone</title><description>Secuobs.com : 2016-04-26 00:14:23 - Risk Assessment   Ars Technica - "This is not a joke," e-mail threatening massive DDoS says. Except it is.</description><link>http://www.secuobs.com/revue/news/604659.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604659.shtml</guid></item>
<item><title>Digital Badges for (ISC)² Credentials - Broadcast Your Accomplishments</title><description>Secuobs.com : 2016-04-25 22:49:44 - (ISC)2 Blog - Security professionals know that their skills are in demand. Employers looking to fill security roles are looking for candidates to differentiate themselves and stand out. Increasingly certification plays a critical role in that process and helps signal to employers that candidates have the knowledge and experience to fill key roles. I am happy to introduce a new feature for (ISC)² certified members to help broadcast their certification achievements. (ISC)² has partnered with an organization called Acclaim, a subsidiary of Pearson VUE, to enable verifiable digital representations of our certifications. When members accept the digital badge from Acclaim they can broadcast</description><link>http://www.secuobs.com/revue/news/604658.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604658.shtml</guid></item>
<item><title>Swedish ISP Vows to Protect Users From a Piracy Witch Hunt</title><description>Secuobs.com : 2016-04-25 22:19:37 - Slashdot  Your Rights Online - Ernesto Van der Sar, reporting for TorrentFreak: Swedish Internet service provider Bahnhof says it will do everything in its power to prevent copyright holders from threatening its subscribers. The provider is responding to a recent case in which a competing ISP was ordered to expose alleged BitTorrent pirates, reportedly without any thorough evidence. At the birth ground of The Pirate Bay, media outfit Crystalis Entertainment received permission from the court to identify several BitTorrent users, based on their IP-addresses. The case, which could be the first of many, was filed against the local ISP TeliaSonera who handed over the requested information without putting up much of a fight. This prompted the competing Internet provider Bahnhof to issue a warning. The company notes that the copyright holder in question doesn't have a very strong case, and it criticizes Telia for caving in too easily.</description><link>http://www.secuobs.com/revue/news/604657.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604657.shtml</guid></item>
<item><title>A Polymer Concrete DIY CNC With No Perceptible Budget In Sight</title><description>Secuobs.com : 2016-04-25 22:12:02 - Hackaday - The Jargon File describes a wizard as someone who groks something to a very high degree, or the kind of person that builds a polymer concrete CNC machine with a pneumatic tool changing spindle that they designed by themselves. It makes you think that maybe Tony Stark COULD build it in a cave with scraps. It's a five part video series showing snippets of the build process. The last video gives an overview of the design of the machine. It is all very much in German, so if you speak German and we got anything wrong about the machine or ...</description><link>http://www.secuobs.com/revue/news/604656.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604656.shtml</guid></item>
<item><title>In a first, US military plans to drop "cyberbombs" on ISIS, NYT says</title><description>Secuobs.com : 2016-04-25 22:10:01 - Risk Assessment   Ars Technica - Cyber Command plans to mount hacking attacks that disrupt ISIS operations.</description><link>http://www.secuobs.com/revue/news/604655.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604655.shtml</guid></item>
<item><title>Grand Sierra Resort guest payment cards breached in 2014 and again in 2015</title><description>Secuobs.com : 2016-04-25 22:09:06 - Office of Inadequate Security - The Grand Sierra Resort in Reno, Nevada, has become the latest hospitality entity to disclose a data breach involving </description><link>http://www.secuobs.com/revue/news/604654.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604654.shtml</guid></item>
<item><title>Hundreds of Spotify credentials appear online - users report accounts hacked, emails changed</title><description>Secuobs.com : 2016-04-25 22:09:06 - Office of Inadequate Security - Sarah Perez reports: A list containing hundreds of Spotify account credentials - including emails, usernames, passwords, </description><link>http://www.secuobs.com/revue/news/604653.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604653.shtml</guid></item>
<item><title>Google Rapid Response  GRR     Remote Live Forensics For Incident Response</title><description>Secuobs.com : 2016-04-25 21:29:27 - Darknet   The Darkside - </description><link>http://www.secuobs.com/revue/news/604652.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604652.shtml</guid></item>
<item><title>James Clapper  Snowden sped up sophistication of crypto,  it s not a good thing </title><description>Secuobs.com : 2016-04-25 21:29:11 - Risk Assessment   Ars Technica -  What they had forecasted for seven years ahead, three years ago, was accelerated  </description><link>http://www.secuobs.com/revue/news/604651.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604651.shtml</guid></item>
<item><title>Sophi Kravitz Talks The Tech Behind Art</title><description>Secuobs.com : 2016-04-25 20:55:07 - Hackaday -    Hackaday s own mythical beast, Sophi Kravitz makes some amazing collaborative tech-art pieces In this talk, she walks us through four of the art projects that she s been working on lately, and gives us a glimpse behind the scenes into the technical side of what it takes to see an installation from idea, to prototype, and onto completion Watch Sophi s talk from the Hackaday  Belgrade conference and then join us after the jump for a few more details Due to the scale of these projects, there is no artist sitting alone in a room working in solitude Sophi usually works  read more </description><link>http://www.secuobs.com/revue/news/604650.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604650.shtml</guid></item>
<item><title> US Wants Its Own Secure and Self-Destructing Messaging App -- And It's Willing to Pay</title><description>Secuobs.com : 2016-04-25 20:27:12 - Slashdot  Your Rights Online - Long time reader schwit1 writes  The Defense Advanced Research Projects Agency  DARPA , an agency within the Department of Defense historically known for creating the Internet itself, has published a call for companies to submit proposals to build a robust messaging platform that the military could use for secure communication of everything from intelligence to procurement contracts  Troops on the ground in denied communications environments would have a way to securely communicate back to HQ and DoD back office executives could rest assured that their logistics system is efficient, timely and safe from hackers,  according to the DARPA proposal The request for proposals, reported earlier by the UK's Telegraph outlet, also says that the messaging platform should incorporate a customized blockchain, the distributed ledger technology that underpins the digital currency bitcoin, for recording messages and contract information The proposal says such a distributed ledger would allow the military to conduct its business in a more efficient and secure fashion Motherboard's Lorenzo Franceschi-Bicchierai reports that DARPA is willing to pay people to make this app  This project falls under the rules of the Small Business Technology Transfer  STTR  program During the first phase, according to the program's rules, successful applicants might be awarded no more than  150,000 for one year The companies and researchers who are part of phase one can then be eligible for a phase two award of up to  1 million for two years Lastly, during phase three, the company or companies can pursue commercialization, and receive no funds from the federal government </description><link>http://www.secuobs.com/revue/news/604649.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604649.shtml</guid></item>
<item><title>Spy Chief Complains That Edward Snowden Sped Up Spread of Encryption By 7 Years</title><description>Secuobs.com : 2016-04-25 19:23:00 - Slashdot  Your Rights Online - An anonymous reader cites an article on The Intercept  The director of national intelligence on Monday blamed NSA whistleblower Edward Snowden for advancing the development of user-friendly, widely available strong encryption  As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years,  James Clapper said The shortened timeline has had  a profound effect on our ability to collect, particularly against terrorists,  he said When pressed by The Intercept to explain his figure, Clapper said it came from the National Security Agency  The projected growth maturation and installation of commercially available encryption -- what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks  Asked if that was a good thing, leading to better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide, Clapper answered no  From our standpoint, it's not -- it's not a good thing,  he said Of all the things I've been accused of,  Snowden said,  this is the one of which I am most proud </description><link>http://www.secuobs.com/revue/news/604648.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604648.shtml</guid></item>
<item><title>Printing Magnetic Fields</title><description>Secuobs.com : 2016-04-25 19:15:12 - Hackaday -    We told you about these  printable  magnets a while back When you have the ability to squeeze many smaller magnets into a tiny spot and adjust their north south orientations at will, you can not only control the strength of the overall magnetic field, you can construct new and seemingly physics-defying widgets This article will not focus on the magnets themselves, but instead we re going to peel away the closed source shroud that hides the inner workings of that nifty little printer of theirs There has been a lot of talk about these printable magnets, but very little about how they re  read more </description><link>http://www.secuobs.com/revue/news/604647.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604647.shtml</guid></item>
<item><title>Azure Storage Services   Storage account</title><description>Secuobs.com : 2016-04-25 18:34:53 - 4sysops - Profile photo of Anil Erduran Anil Erduran - 0 comments Anil Erduran is a principal consultant and subject matter expert for Hitachi Data Systems EMEA, based in London, UK He is also a dual category Microsoft Most Valuable Professional in Cloud and Datacenter Management and Microsoft Azure Anil can be found on Twitter  anil_erduran In my previous post in this series, I discussed the different ways of accessing data in Azure Storage Services generally Today I am going to look at storage accounts in detail </description><link>http://www.secuobs.com/revue/news/604646.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604646.shtml</guid></item>
<item><title>2,400 members  info stolen, Kaiser Permanente says</title><description>Secuobs.com : 2016-04-25 18:33:55 - Office of Inadequate Security - Nereida Moreno reports  A mail delivery truck carrying the personal information of 2,400 Kaiser Permanente members on the </description><link>http://www.secuobs.com/revue/news/604645.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604645.shtml</guid></item>
<item><title>Over 1M BeautifulPeople Dating Site User Details Leak Online</title><description>Secuobs.com : 2016-04-25 18:08:24 - Slashdot  Your Rights Online - An anonymous reader writes  Personal information of over one million users stored by popular dating site BeautifulPeople has leaked, and is now accessible online We already knew that BeautifulPixelcom was hacked  it happened in November 2015 , but this is the first confirmation from a security researcher that the details are legitimate  BeautifulPeople had downplayed it at the time, saying that it was a staging server, and not a production server, that was hacked  Security researcher Troy Hunt, citing a source, noted that the data has been sold online The leaked personal information include email addresses, phone numbers, as well as hair color, weight, job and other details Troy also noted that of the 11 million users details,170 of them have government email addresses Some of you may remember BeautifulPixel as the creator the  Shrek  virus </description><link>http://www.secuobs.com/revue/news/604644.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604644.shtml</guid></item>
<item><title>Cyclists Use Tiny Motors to Cheat</title><description>Secuobs.com : 2016-04-25 18:01:03 - Hackaday -    Blood doping is so last decade  The modern cyclist has a motor and power supply hidden inside the bike s frame We were first tipped off to the subject in this article in the New York Times A Belgian cyclocross rider, Femke Van den Driessche, was caught with a motor hidden in her bike While we don t condone sports cheating, we think that hiding a motor inside a standard bike is pretty cool But it s even more fun to think of how to catch the cheats The Italian and French press have fixated on the idea of using thermal cameras to  read more </description><link>http://www.secuobs.com/revue/news/604643.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604643.shtml</guid></item>
<item><title>Printing securely: possible even when mobile</title><description>Secuobs.com : 2016-04-25 17:42:20 - Global Security Mag Online - Today, personal tablets and smartphones are making their way into the workplace. Regardless of the number of employees or the size of the company, mobility is at the heart of every organization. Solutions are also emerging that allow mobile users to access their documents from anywhere and at any time, and also to access the company's workflow. While employees    - Viewpoints </description><link>http://www.secuobs.com/revue/news/604642.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604642.shtml</guid></item>
<item><title>Underground Coupon</title><description>Secuobs.com : 2016-04-25 17:37:39 - 411 spyware - Ad-supported software is a very common form of malware that usually has many clones and its developers frequently have them updated This article is dedicated to Underground Coupon a program that you ought to remove as soon as you notice its presence on your PC We have tested this application and have found that it    </description><link>http://www.secuobs.com/revue/news/604641.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604641.shtml</guid></item>
<item><title>TipMediaPlayer</title><description>Secuobs.com : 2016-04-25 17:37:39 - 411 spyware - If you wish to enhance your overall online experience by running an application that would provide you with quick and free access to various movies and songs right within your web browser, you should know about TipMediaPlayer Unfortunately, you should know about it because it exhibits dubious and intrusive features that should not be ignored    </description><link>http://www.secuobs.com/revue/news/604640.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604640.shtml</guid></item>
<item><title>Exploit kit targets Android devices, delivers ransomware</title><description>Secuobs.com : 2016-04-25 17:22:16 - Help Net Security - Ransomware hitting mobile devices is not nearly as widespread as that which targets computers, but Blue Coat researchers have discovered something even less unusual  mobile ransomware delivered via exploit kit The ransomware in question calls itself CyberPolice  the researchers have dubbed it Dogspectus , and does not encrypt users  files, just blocks the infected Android device It purports to be part of an action by the  nonexistent   American national security agency  against unspecified illegal actions ostensibly   More   </description><link>http://www.secuobs.com/revue/news/604639.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604639.shtml</guid></item>
<item><title>Game Of Thrones Season 6 Premiere Triggers Piracy Craze</title><description>Secuobs.com : 2016-04-25 17:21:24 - TorrentFreak -    With more than a million downloads in half a day, the premiere of Game of Thrones' sixth season has once again ignited a piracy craze People from all over the world grabbed a copy, and this morning over 200,000 BitTorrent users are actively sharing copies of the episode, a number that's still rising Source  TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services </description><link>http://www.secuobs.com/revue/news/604638.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604638.shtml</guid></item>
<item><title>What you need to know about election apps and your personal data</title><description>Secuobs.com : 2016-04-25 17:12:31 - Symantec Connect   Security Response   Billets - Presidential primary apps can gather a lot of information and may expose sensitive data </description><link>http://www.secuobs.com/revue/news/604637.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604637.shtml</guid></item>
<item><title>How I Hacked Facebook, and Found Someone's Backdoor Script </title><description>Secuobs.com : 2016-04-25 17:06:50 - LinuxSecurity.com   Latest News - LinuxSecuritycom  As a pentester, I love server-side vulnerabilities more than client-side ones Why  Because it's way much cooler to take over the server directly and gain system SHELL privileges </description><link>http://www.secuobs.com/revue/news/604636.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604636.shtml</guid></item>
<item><title>Misunderstanding Indicators of Compromise</title><description>Secuobs.com : 2016-04-25 17:06:50 - LinuxSecurity.com   Latest News - LinuxSecuritycom  Reports of APT activities detail compromises spanning multiple organizations, sectors, industry verticals, and countries  over multiple years  According to MITRE   it is becoming increasingly necessary for organizations to have a cyber threat intelligence capability, and a key component of success for any such capability is the information sharing with partners, peers and others they select to trust  </description><link>http://www.secuobs.com/revue/news/604635.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604635.shtml</guid></item>
<item><title>Creators of SpyEye Virus Sentenced to 24 Years in Prison</title><description>Secuobs.com : 2016-04-25 17:06:50 - LinuxSecurity.com   Latest News - LinuxSecuritycom  Two International hackers, Aleksandr Andreevich Panin and Hamza Bendelladj, have been sentenced to a combined 24 years and 6 months in prison for their roles in developing and distributing SpyEye banking trojan, a powerful botnet similar to the infamous ZeuS malware </description><link>http://www.secuobs.com/revue/news/604634.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604634.shtml</guid></item>
<item><title>Stéphane de Saint Albin, DenyAll: User reputation scoring, the new frontier of security in an open world</title><description>Secuobs.com : 2016-04-25 17:04:49 - Global Security Mag Online - User reputation scoring within an application firewall relies on behavioral analysis to assess users' intent and make decisions suited to the level of trust that results from this assessment. It makes it possible to put in place a tailored security policy that facilitates digital interactions without allowing illegal and dangerous actions that could endanger the company's data and that of its customers    - Viewpoints </description><link>http://www.secuobs.com/revue/news/604633.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604633.shtml</guid></item>
<item><title>The CloudBees Jenkins Platform - Private SaaS Edition solution is Red Hat OpenStack certified</title><description>Secuobs.com : 2016-04-25 17:04:49 - Global Security Mag Online - CloudBees announces that it has obtained Red Hat OpenStack certification for its CloudBees Jenkins Platform - Private SaaS Edition offering. CloudBees thus becomes the first DevOps and continuous deployment platform to be certified on Red Hat OpenStack. This certification strengthens the performance and compatibility levels of CloudBees Jenkins Platform - Private SaaS Edition. The CloudBees Jenkins Platform - Private SaaS Edition solution provides cloud-native features. It enables    - Products </description><link>http://www.secuobs.com/revue/news/604632.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604632.shtml</guid></item>
<item><title>MP3 Spun</title><description>Secuobs.com : 2016-04-25 17:00:14 - 411 spyware - MP3 Spun is a doubtful application that should not be kept on your system If you decide to delete it, you should scroll below the text and follow the removal guide It is not an application you might believe it to be  although it claims that you can stream music with it, the program shows    </description><link>http://www.secuobs.com/revue/news/604631.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604631.shtml</guid></item>
<item><title>Ipswitch WhatsUp Gold 2016 is launched</title><description>Secuobs.com : 2016-04-25 16:26:32 - Global Security Mag Online - Ipswitch announces the launch of its new unified infrastructure and application monitoring software: Ipswitch WhatsUp Gold 2016. WhatsUp Gold 2016 gives modern IT teams the ability to monitor their entire environment with a single, cost-effective piece of software. These teams can now benefit from the software's hyper-flexibility to adapt their IT monitoring strategy by changing their priorities without resorting    - Products </description><link>http://www.secuobs.com/revue/news/604630.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604630.shtml</guid></item>
<item><title>Juniper Networks expands its virtual security portfolio and shakes up the SDSN network market</title><description>Secuobs.com : 2016-04-25 16:26:32 - Global Security Mag Online - Juniper Networks announces the addition of several innovative solutions to its virtualized and cloud services offering, as part of its SDSN (Software-Defined Secure Networks, networks whose security is defined by software) business. The new additions include a compact, containerized virtual firewall called Juniper Networks cSRX. It is a next-generation firewall providing security services for SDN networks. Another new addition: a multi-core version of the Juniper Networks vSRX,    - Products </description><link>http://www.secuobs.com/revue/news/604629.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604629.shtml</guid></item>
<item><title>Devoteam and Bureau Veritas develop a framework and service offering dedicated to the cybersecurity of connected cars</title><description>Secuobs.com : 2016-04-25 16:26:32 - Global Security Mag Online - Since October 2015, Devoteam and Bureau Veritas have been developing a technical framework and a service offering dedicated to the cybersecurity of connected vehicles. Its objective is twofold: on the one hand, to provide technical assistance in identifying and addressing new cybersecurity risks, and on the other, to enable manufacturers to showcase their control of cybersecurity risk through certification issued by an independent and recognized third party. This partnership makes it possible to offer    - Products </description><link>http://www.secuobs.com/revue/news/604628.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604628.shtml</guid></item>
<item><title>2016 Hackaday Prize Begins Anew and Anything Goes</title><description>Secuobs.com : 2016-04-25 16:06:23 - Hackaday -    Today marks the beginning of the Anything Goes challenge, a 2016 Hackaday Prize contest that will reward 20 finalists with  1000 for solving a technology problem and a chance at winning the entire Hackaday Prize   150,000 and a residency at the Supplyframe Design Lab in Pasadena The Hackaday Prize is empowering hackers, designers, and engineers to use their time to Build Something that Matters For the next five weeks what matters is solving a technology problem Have an idea to power vehicles without polluting the atmosphere  Great  Want to figure out how to get your washing machine to work  read more </description><link>http://www.secuobs.com/revue/news/604627.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604627.shtml</guid></item>
<item><title>The 8th Annual Information Security Summit</title><description>Secuobs.com : 2016-04-25 16:05:07 - Security Bloggers Network -    Plan now to join companies and industry peers for the premier Information Security event in Los Angeles The Eighth Annual   The post The 8th Annual Information Security Summit appeared first on Checkmarx </description><link>http://www.secuobs.com/revue/news/604626.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604626.shtml</guid></item>
<item><title>Reduce Fraud and Abandonment with a Risk-Based Approach to Online Sales</title><description>Secuobs.com : 2016-04-25 16:05:07 - Security Bloggers Network -    Sooner or later every business with an online presence is plagued by shopping cart abandonment Sometimes a consumer changes their mind, factors in the cost of shipping and decides it s not worth it, or is simply distracted long enough so the transaction is never completed Getting a consumer to follow through is not as easy,  The post Reduce Fraud and Abandonment with a Risk-Based Approach to Online Sales appeared first on Speaking of Security - The RSA Blog and Podcast </description><link>http://www.secuobs.com/revue/news/604625.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604625.shtml</guid></item>
<item><title>Eighth Annual ISSA-LA Summit Next Month</title><description>Secuobs.com : 2016-04-25 16:05:07 - Security Bloggers Network -    Attention, security professionals in Southern California  If you want to hear some high-value talks, the next ISSA-LA  Information Systems Security Association  Summit is May 20 at the Universal City Hilton LA chapter President Richard Greenberg, also chapter president of OWASP LA, has done a great job organizing the event in recent years Attendees can choose from a   The post Eighth Annual ISSA-LA Summit Next Month appeared first on Liquidmatrix Security Digest </description><link>http://www.secuobs.com/revue/news/604624.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604624.shtml</guid></item>
<item><title>Bangladesh Bank hackers compromised SWIFT software with bespoke malware</title><description>Secuobs.com : 2016-04-25 16:04:37 - Help Net Security - Bit by bit, indications about how the attackers who targeted Bangladesh s central bank managed to take off with some  80 million  of the nearly  1 billion they aimed for  via fraudulent transfers are coming to light First it was established that second-hand, cheap networking equipment that collects next to no network data, and the lack of a firewall between the bank s SWIFT facility and the rest of the network, helped the attackers pull off the   More   </description><link>http://www.secuobs.com/revue/news/604623.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604623.shtml</guid></item>
<item><title>Hell froze over Hacked firm cares more about its users  security than its corporate image</title><description>Secuobs.com : 2016-04-25 16:03:24 - Office of Inadequate Security - Graham Cluley tells TruckersMP to take a bow for self-reporting a breach of user data to Troy Hunt s </description><link>http://www.secuobs.com/revue/news/604622.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604622.shtml</guid></item>
<item><title>Apple versus FBI on data encryption: an analysis</title><description>Secuobs.com : 2016-04-25 15:45:21 - Global Security Mag Online - The battle is raging in the USA between Apple and the FBI over data encryption and the possibility for the government to access that data via backdoors. Yet it cannot be reduced to an opposition between protecting the confidentiality of private data and fighting illicit activities, even if a serious societal debate on the subject is certainly necessary. We are in fact witnessing a game of poker in which the players largely hide their hands and all have strategies    - Viewpoints </description><link>http://www.secuobs.com/revue/news/604621.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604621.shtml</guid></item>
<item><title>Copying a website: unfair competition or infringement?</title><description>Secuobs.com : 2016-04-25 15:45:21 - Global Security Mag Online - The digital economy and the regulation of unfair commercial practices are not at odds. On the contrary, courts regularly point out that, to ensure the lasting construction of the new ecosystem, a framework is required through the traditional rules of competition, namely actions for unfair and parasitic competition. Although identifying unfair practices on the Internet is made more difficult by the commonly held ideas of free    - Risk Management </description><link>http://www.secuobs.com/revue/news/604620.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604620.shtml</guid></item>
<item><title>The security review  Dorkbot, encryption and buildings</title><description>Secuobs.com : 2016-04-25 15:25:33 - Security Bloggers Network -    Welcome to this week s security review, which includes Dorkbot, the importance of encryption and how buildings are at threat of cyberattacks The post The security review  Dorkbot, encryption and buildings appeared first on We Live Security </description><link>http://www.secuobs.com/revue/news/604619.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604619.shtml</guid></item>
<item><title>Skull echoes can be a password to protect facehugger computers</title><description>Secuobs.com : 2016-04-25 15:25:33 - Security Bloggers Network - Whatever's echoing around in there is all uniquely you and could be used to authenticate users of eyewear computers </description><link>http://www.secuobs.com/revue/news/604618.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604618.shtml</guid></item>
<item><title>Phantom riders abusing stolen Uber users  accounts for strange journeys</title><description>Secuobs.com : 2016-04-25 15:25:33 - Security Bloggers Network - Scammers are stealing Uber users' passwords and abusing them to take  phantom rides  wherever they want David Bisson reports </description><link>http://www.secuobs.com/revue/news/604617.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604617.shtml</guid></item>
<item><title>BlackBerry s Global Encryption Key</title><description>Secuobs.com : 2016-04-25 15:25:33 - Security Bloggers Network - Last week there was a big news story about the Blackberry encryption The news was that all BlackBerry devices share a global encryption key, and that the Canadian RCMP has a copy of it Stupid design, certainly, but it's not news As The Register poin </description><link>http://www.secuobs.com/revue/news/604616.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604616.shtml</guid></item>
<item><title>SWIFT Software Hacked in Bangladesh Bank Heist, Find Researchers</title><description>Secuobs.com : 2016-04-25 15:25:33 - Security Bloggers Network -    Researchers have determined that those who stole approximately  81 million from the Bangladesh Bank most likely did so by hacking into SWIFT s client software SWIFT, or the Society for Worldwide Interbank Financial Telecommunications, provides banks and other organizations with secure messaging services According to its 2015 traffic, more than 11,000 organizations and more than 200   Read More The post SWIFT Software Hacked in Bangladesh Bank Heist, Find Researchers appeared first on The State of Security </description><link>http://www.secuobs.com/revue/news/604615.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604615.shtml</guid></item>
<item><title>Opera adds a  sort of  VPN to its browser</title><description>Secuobs.com : 2016-04-25 15:25:33 - Security Bloggers Network - In an effort to improve security, Opera has baked a free VPN  Virtual Private Network  into the latest version of its browser </description><link>http://www.secuobs.com/revue/news/604614.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604614.shtml</guid></item>
<item><title>Android Forensics Labs</title><description>Secuobs.com : 2016-04-25 15:25:33 - Security Bloggers Network - Exercise 1  Getting started with ADB Objective   adb  is an essential tool for interacting with Android devices We use this utility in multiple scenarios during our journey throughout Go on to the site to read the full article </description><link>http://www.secuobs.com/revue/news/604613.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604613.shtml</guid></item>
<item><title>Information Security Vulnerabilities of Trains</title><description>Secuobs.com : 2016-04-25 15:25:33 - Security Bloggers Network - 1 Introduction Since the invention of the steam locomotive, there have been continuous technological developments in the field of railway transport For example, AGV Italo  a train which entered Go on to the site to read the full article </description><link>http://www.secuobs.com/revue/news/604612.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604612.shtml</guid></item>
<item><title>Would you pay  10,000 for a secure smartphone </title><description>Secuobs.com : 2016-04-25 15:25:33 - Security Bloggers Network - Sirin Labs is set to enter the smartphone market with a device focused on internet security and privacy </description><link>http://www.secuobs.com/revue/news/604611.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604611.shtml</guid></item>
<item><title>SWIFT Software Bug Exploited by Bangladesh Bank Hackers</title><description>Secuobs.com : 2016-04-25 15:23:34 - Office of Inadequate Security - Phil Muncaster reports  A bug in SWIFT banking software may have been exploited to allow hackers to make off with  81 </description><link>http://www.secuobs.com/revue/news/604610.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604610.shtml</guid></item>
<item><title>BeautifulPeoplecom Leaks Very Private Data of 11 Million  Elite  Daters   And It s All For Sale</title><description>Secuobs.com : 2016-04-25 15:23:34 - Office of Inadequate Security - Thomas Fox-Brewster reports  Sexual preference Relationship status Income Address These are just some details applicants </description><link>http://www.secuobs.com/revue/news/604609.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604609.shtml</guid></item>
<item><title>Frédéric Pierresteguy, LANDESK: BYOD, where do we stand?</title><description>Secuobs.com : 2016-04-25 15:08:25 - Global Security Mag Online - Today we are no longer asking whether or not a company's employees will use their personal devices for work. It is an established fact: whether or not the company has put a BYOD strategy in place, users want to be free to use their own phones, tablets and laptops at work, without access restrictions or controls. However, this does not prevent the company from setting up an alert system. In    - Viewpoints </description><link>http://www.secuobs.com/revue/news/604608.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604608.shtml</guid></item>
<item><title>Active drive-by exploits critical Android bugs, care of Hacking Team</title><description>Secuobs.com : 2016-04-25 14:48:01 - Risk Assessment   Ars Technica - Hostile JavaScript delivered through ads installs ransomware on older Android phones </description><link>http://www.secuobs.com/revue/news/604607.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604607.shtml</guid></item>
<item><title>TROOPERSCON - Crypto code: the 9 circles of testing</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Major crypto vulnerabilities would have been detected if we had better testing methodologies and tools. Heartbleed, Gotofail, or FREAK are some of the most dramatic examples, but there are many others and many that we haven't discovered yet. To help fix this, and to show how hard it is to test crypto code, this talk will go through the simplest to the most sophisticated methods, from basic test vectors to fuzzing and verification. I'll show code examples, and the limitations of each class of test. JEAN-PHILIPPE AUMASSON: Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, in Switzerland. He designed the popular cryptographic functions BLAKE2 and SipHash, and the new authenticated cipher NORX. He has spoken at Black Hat, DEFCON, RSA, CCC, SyScan, CHES. He initiated the Crypto Coding Standard and the Password Hashing Competition projects. He co-wrote the 2015 book "The Hash Function BLAKE". JP tweets as @veorq. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604606.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604606.shtml</guid></item>
<item><title>TROOPERSCON - Towards a LangSec Aware SDLC</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - The keynote of TROOPERS'15 by Prof. Sergey Bratus highlighted the findings of language-theoretical security (LangSec) vis-a-vis how many classes of vulnerabilities stem from computational and grammar complexity. This talk is aimed at software developers and project managers who are looking to enhance their SDLC with LangSec-supported practices. Actionable techniques, tools and methods will be provided to integrate LangSec findings into the software your organizations develop to reduce the defect rate and improve security. Also highlighted will be major development organizations that have developed coding best-practices that are well-aligned with LangSec, thus showing the empirical benefits to these changes to the SDLC. JACOB TORREY: Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc., where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. He can be found posting goofy stuff to his Twitter (@JacobTorrey) when not out in the mountains or tending to his critters. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604605.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604605.shtml</guid></item>
<item><title>TROOPERSCON - Deep dive into SAP archive file formats</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - SAP systems make use of custom archive file formats in several different places, such as for distributing software components and in the code transport mechanism. While the compression algorithms used by SAP have been known for a few years, they only recently became a target of security analysis. Additionally, the file formats are proprietary and there's not much information about how to properly interpret such files. This talk will shed some light on the compression algorithms and the CAR and SAR file formats, at the same time demonstrating some potential attack vectors involving this type of file. Moreover, we'll discuss how to dissect and examine these files for both offensive and defensive purposes, using an open source Python library. MARTIN GALLO: Martin Gallo is Security Consultant at CORE Security, where he performs application and network penetration testing, conducts code reviews and identifies vulnerabilities in enterprise and third party software. His research interests include enterprise software security, vulnerability research and reverse engineering. Martin has given talks at Troopers, BruCON and DEF CON conferences. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604604.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604604.shtml</guid></item>
<item><title>TROOPERSCON - Thanks SAP for the vulnerabilities. Exploiting the unexploitable</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Bla-blah-blah SAP. Bla-blah-blah big companies. Bla-blah-blah hack multi-million dollar systems. This is how typical SAP talks are started. But not this time. We are really missing hardcore exploitation stuff and unusual vulnerabilities, no matter where they are. Now it's time for real HARDCORE! In our presentation, we will tell (and show) how by using a chain of minor vulnerabilities in different SAP services we can take complete control of an affected system. Have you ever heard that a denial of service vulnerability can be used for remote command execution? No, we are not talking about memory corruption. It's about how unexploitable denial of service vulnerabilities can be exploited together with some minor issues to attack a system in a way which you have never imagined. You'll see the way from Anonymous to SAP_ALL, enjoy! DMITRY CHASTUHIN: Dmitry is a Director of security consulting at ERPScan. He works upon SAP security, particularly upon Web applications and JAVA, HANA and Mobile solutions. He has official acknowledgements from SAP for the vulnerabilities found. Dmitry is also a Web 2.0 and social network security geek and bug bounty hunter who found several critical bugs in Google, Nokia, Badoo. He is a contributor to the EAS-SEC project. He spoke at the following conferences: BlackHat, Hack in the Box, DeepSec, and BruCON. ALEXANDER POLYAKOV: Founder of ERPScan, President of EAS-SEC.org project, accomplished R&amp;D professional and Entrepreneur of the year. He is an expert at security for business-critical software like ERP, CRM, SRM and industry specific solutions. He has received due recognition having published over 100 vulnerabilities, as well as multiple whitepapers, such as annual award-winning "SAP Security in Figures", surveys and a book devoted to information security research in SAP and Oracle. He has presented at more than 50 conferences in 20+ countries in all continents and held training sessions for the CISOs of Fortune 2000 companies, including SAP SE. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604603.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604603.shtml</guid></item>
<item><title>TROOPERSCON - An easy way into your multi-million dollar SAP systems: An unknown default SAP account</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Fortunately more and more SAP customers start securing their business critical SAP infrastructure after many SAP security presentations at conferences and other ways of raising awareness. Securing SAP systems is never an easy task, taking into account the complexity and wide variety of possible deployment scenarios for SAP systems. However, you can secure the low hanging fruit and prevent the easiest compromises by focusing on just a couple of vulnerabilities. One of the most obvious and simple precautions is to get rid of DEFAULT accounts. This is a simple task as the list of default users and passwords was limited to only 5 accounts for a long time, but that has changed. Welcome to SAP default account number 6: the SMDAGENT user. A total compromise of a SAP system will be demonstrated in this presentation. Combined with two other vulnerabilities found by our research, this default account is all it takes to get easy access to your multi-million dollar SAP systems. JORIS VAN DE VIS: Joris has extensive experience as a SAP Technical consultant and has a wide interest in everything "under the hood" of SAP systems. In addition to developing and working as a SAP Technical consultant, his main interest lies in the SAP Security domain. Next to helping businesses to secure their SAP systems, Joris is also a SAP researcher and reported over 40 vulnerabilities in SAP applications. He has 15 years of experience in working for large Fortune 500 companies and helped government departments with implementing and securing SAP landscapes. Joris is co-founder of ERP-SEC, a SAP security focused company based in the Netherlands. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604602.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604602.shtml</guid></item>
<item><title>TROOPERSCON - One Tool To Rule Them All</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - TROOPERSCON - One Tool To Rule Them All. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604601.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604601.shtml</guid></item>
<item><title>TROOPERSCON - Mind The Gap - Exploit Free Whitelisting Evasion Tactics</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - More and more entities are deploying Application Whitelisting to prevent malware and detect sophisticated intruders. Is this a viable defense? What are the mechanisms that can be used to evade detection and achieve action on objectives? How can an attacker circumvent this control? These are questions that we will explore in this talk. We have discovered a number of evasion tactics that cannot be patched. These techniques put organizations that deploy Whitelisting at risk. We will focus on techniques used in Windows Environments. CASEY SMITH: Casey Smith (@subTee) is a Threat Intelligence Analyst in the Financial Industry. He has a passion for understanding and testing defensive systems. Previous Talks / Publications: ShmooCon 2015, Simple Application Whitelisting Evasion, https://youtu.be/85M1Rw6mh4U https://github.com/subTee/ShmooCon-2015; DerbyCon 2014, SSL MITM - PowerShell, https://www.youtube.com/watch?v=Mii0BTglOBM; OWASP 2013, How Malware Attacks Web Applications, https://www.youtube.com/watch?v=Mii0BTglOBM. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604600.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604600.shtml</guid></item>
<item><title>TROOPERSCON - The Chimaera Processor</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - TROOPERSCON - The Chimaera Processor. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604599.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604599.shtml</guid></item>
<item><title>TROOPERSCON - Let's Play Hide and Seek in the Cloud</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - TROOPERSCON - Let's Play Hide and Seek in the Cloud. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604598.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604598.shtml</guid></item>
<item><title>TROOPERSCON - Planes, Trains and Automobiles: The Internet of Deadly Things</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - "When worlds collide" is not just another random Seinfeld reference, it is the wake-up call for all security practitioners and cyber savvy citizens. Cyber was once the exclusive domain of digital denizens but now digital digits can reach out and "touch" someone. As more and more discretion is taken away from human operators and assigned to autonomous / semi-autonomous systems, our safety becomes dependent on ubiquitous sensor networks that are "Connected". New threat catalogs are required to design systems that are safe and secure. The speaker will articulate the attack surface, move beyond the hype and propose reasonable response strategies for surviving in a world where cyber and physical intersect. The session blends several timely themes (Cyber, IoT, Pervasive Surveillance, Privacy, M2M Communications, Discretion and Trust Enhanced Risk Management) in a unique way designed to educate practitioners to the necessity of understanding multiple domains - when worlds collide. BRYAN FITE: Bryan K. Fite: A committed security practitioner and entrepreneur, Bryan is currently a Senior Cyber Physical Security Consultant at BT. Having spent over 25 years in mission-critical environments, Bryan is uniquely qualified to advise organizations on what works and what doesn't. Bryan has worked with organizations in every major vertical throughout the world and has established himself as a trusted advisor. "The challenges facing organizations today require a business reasonable approach to managing risk, trust and limited resources while protecting what matters." He is also the creator of PacketWars (packetwars.com), the World's premier Cyber Sport. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604597.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604597.shtml</guid></item>
<item><title>TROOPERSCON - Imma Chargin Mah Lazer</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - TROOPERSCON - Imma Chargin Mah Lazer. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604596.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604596.shtml</guid></item>
<item><title>TROOPERSCON - Offensive Active Directory with Powershell</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Active Directory has been covered from a system administration perspective for as long as it has existed. However, much less information exists on how adversaries abuse and backdoor AD, leaving many defenders blind to the attacks carried out in their own environment. This talk will cover Active Directory from an offensive perspective, illustrating ways that attackers move through Windows networks with ease. These actions are facilitated by PowerView, an advanced AD enumeration tool written by the presenter that allows for easy local administrator enumeration, domain trust hopping, user hunting, ACL auditing, and more. PowerView has dramatically changed the way many operate on red team operations, and has helped to "bridge the gap" and bring advanced tradecraft to even time-constrained engagements. WILL SCHROEDER: Will Schroeder (@harmj0y) is a researcher and red teamer in Veris Group's Adaptive Threat Division. He actively participates in the public community and has spoken at several industry conferences including Shmoocon, Derbycon, and Defcon on topics spanning AV-evasion, red-teaming, domain trust abuse, offensive PowerShell, and more. He also helps develop/teach the Adaptive Red Team Tactics Blackhat training class, is a co-founder of the Veil-Framework, developed PowerView and PowerUp, is an active PowerSploit contributor, and is a co-founder/core developer of the PowerShell post-exploitation agent Empire. His technical blog is at http://blog.harmj0y.net. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604595.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604595.shtml</guid></item>
<item><title>TROOPERSCON - Reverse engineering a Digital Two way Radio</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - The Tytera MD380 is a handheld transceiver for the Digital Mobile Radio (DMR) protocol, also known as MotoTRBO. It has an ARM CPU, a funky baseband that's only documented in Chinese, and a powerful transmitter that puts your wifi card to shame. In the past few months of weekends, we have (1) jailbroken the hardware to allow for free extraction and modification of firmware, (2) broken the hilarious crypto so that we can wrap and unwrap updates from the official tool, (3) reverse engineered enough of the firmware to patch in new features, (4) made room for large firmware modifications by creative abuse of Chinese fonts, and (5) wrapped all of this into a handy, freely available toolset. Soon enough, we hope this work will lead to new firmware, written from scratch to run on existing hardware. This fun and fast-paced lecture describes the nifty tricks that we used in reverse engineering this radio, as well as what to look for in securing your own embedded systems against unwanted tampering. TRAVIS GOODSPEED: Travis Goodspeed is a neighborly reverse engineer from Southern Appalachia. When he's not reverse engineering radio firmware, you can find him preaching on top of a milk crate at your local conference. CHRISTIANE RUETTEN: DD4CR doesn't like her name, so she prefers to go by CR. You can also call her KK4CR. Besides hacking on amateur radio things, she's hacking the IoT at Mozilla for a living, with past journeys through Web security, malware analysis, mobile network security, journalism, mathematics and physics. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604594.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604594.shtml</guid></item>
<item><title>TROOPERSCON - Keynote: Ethics in Networked Systems Research</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - TROOPERSCON - Keynote: Ethics in Networked Systems Research. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604593.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604593.shtml</guid></item>
<item><title>TROOPERSCON - unrubby</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - TROOPERSCON - unrubby. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604592.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604592.shtml</guid></item>
<item><title>TROOPERSCON - Attacking Next-Generation Firewalls</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - "Next-Generation" firewalls provide functionality well beyond the traditional filtering capabilities. They offer deep protocol inspection, application identification, user based filtering, VPN functionality and more. While this significantly increases the attack surface of these devices, little public research is available. In this talk I will present an in-depth analysis of one of the leading NGFW solutions. Besides describing the overall system architecture, I will discuss and demonstrate several critical vulnerabilities in the different components that can result in a full remote compromise of the appliance. To go beyond 2015   the pure bashing of security appliances, I'll also present some positive insights. All vulnerabilities in this talk were disclosed to the vendor in 2015. The vendor is providing patches. The vulnerabilities will be demonstrated live during the talk, but if there is no patch available by the time of the talk, we will not show exploit code. FELIX WILHELM: Felix is a security researcher working for ERNW GmbH. His main interests are application security, reverse engineering and virtualization security. Felix has disclosed critical vulnerabilities in popular software such as Hyper-V, Xen, Typo3 or IBM GPFS and has presented his work at international conferences like PHDays, Hack in the Box, Infiltrate and Troopers. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604591.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604591.shtml</guid></item>
<item><title>TROOPERSCON - Freifunk - Building a free and open network</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - In many countries you can enjoy free wifi access to the internet nearly everywhere. Also in most industrialized countries you have mobile data contracts with a lot of data volume available (this is a story for another talk but still important in our context). In Germany we have neither of those. The wifi problem is mostly due to a law called "Störerhaftung" which makes it nearly impossible to share your internet connection without expecting to get very expensive legal problems because you can be held liable for what other people use the connection for. This leads to a great market for the big ISPs and smaller companies, taking a lot of money from the users and the persons who want to provide the internet access only to protect them from a stupid law. This is one of the problems where Freifunk comes into play. Freifunk is a free and open wireless radio network community, a little bit like open source for networks and internet connections. We try to build our own non-profit network on the basis of wifi connections and internet uplinks that people share free of charge. The idea behind Freifunk is an open, unlimited, anonymous to use and decentralized network built by the people living in a region. But there is more to it than that. We also try to teach the people how networks work and how to build and expand them on their own. We try to bring the people in contact so a social community arises around Freifunk. And of course, we also want to give the users back some power over the networks they use every day to release them from the bounds of big centralized commercial providers. Sounds like a great idea? This talk will be about how Freifunk works, from which real world problems it arose, what we already achieved and what we try to achieve in the future. BEN OSWALD: Ben is a student at the University of Applied Sciences in Worms and currently writing his bachelor thesis in Applied Informatics. He is the founder and head of Freifunk Rhein-Neckar and co-organizer of the MRMCD IT sec conference. Beside these projects he is doing a lot of networking, software development and Linux stuff. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604590.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604590.shtml</guid></item>
<item><title>TROOPERSCON - Hiding your White Box Designs is Not Enough</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Although all current scientific white-box publications are academically broken, there is still a large number of companies which sell "secure" white-box products based on unknown designs and relying on additional code obfuscation countermeasures. A new approach to assess the security of white-box implementations is presented which requires neither knowledge about the inner white-box design nor any reverse engineering effort. The differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community. PHILIPPE TEUWEN: Philippe Teuwen recently joined Quarkslab. Before that, he was Principal Researcher in the Innovation Center Crypto &amp; Security of NXP Semiconductors. He's one of the libnfc maintainers and gave about 15 workshops on RFID / NFC security and privacy issues at Hack.lu, Brucon, RFIDsec, Hackito Ergo Sum, RMLL, etc. along with talks on other security topics such as Wi-Fi Protected Setup, EMV-CAP for eBanking, eVoting reverse-engineering, Smartcard fault injection simulation, White-Box cryptanalysis etc. He regularly contributes to the International Journal of PoC||GTFO and loves playing CTFs. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604589.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604589.shtml</guid></item>
<item><title>TROOPERSCON - Developing an Enterprise IPv6 Security Strategy</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Usually IPv6 planning projects include at least three main documents: a road map, an address concept / plan and an IPv6 security concept. In this talk I'll focus on the latter and I will lay out typical steps needed to come up with a set of IPv6 security controls (both on the infrastructure and on the host endpoint layer) suited to provide adequate IPv6 security in enterprise organizations, in an operationally feasible way. ENNO REY: Enno Rey (@Enno_Insinuator) is an old school network security guy who has been involved with IPv6 since 1999. In the last years he has contributed to many IPv6 projects in very large environments, both on a planning and on a technical implementation level. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604588.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604588.shtml</guid></item>
<item><title>TROOPERSCON - Security Aspects of IPv6 Multi-Interface and Source Destination Routing</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Recent works in the MIF, routing working groups of the IETF are about supporting simultaneous use of several interfaces as well as discovering the provisioning domain (PvD): default search domain, recursive DNS servers, prefix to be used, ... Another recent topic is about source destination routing where the source address is also used in the forwarding decision. The talk will briefly present those recent work items, then it will focus on their security impacts: denial of service, spoofing, ... TR16_IPv6_Sec_Summit_evyncke_mif_security.pdf ERIC VYNCKE: Eric Vyncke is a Distinguished Engineer based in the Brussels office of Cisco Systems. His main current technical focus is about security and IPv6. He has designed several secured large IPsec networks and other security related designs. In his work for the IETF, he co-authored RFC 3585, 5514, 7381 and 7404 and is active in V6OPS, 6MAN and OPSEC working groups. His recent works are related to IPv6 including co-authoring a book on IPv6 Security; he also authored a book on layer-2 security. Eric is the current co-chair of the Belgian IPv6 Council. www.vyncke.org/ipv6status has been well known for several years for collecting statistics about IPv6 deployment. He is also a visiting professor for security topics at the University of Mons. He is an adjunct professor at HEC, the business school of University of Liège, Belgium. He holds a CISSP certification, is a member of ISSA and speaks frequently at international conferences. He's presented at Troopers several times, like in 2015 on Segment Routing. Twitter: @evyncke. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604587.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604587.shtml</guid></item>
<item><title>TROOPERSCON - The Impact of Extension Headers on IPv6 Access Control Lists - Real Life Use Cases</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Backbone networks have been changing on layer-3 the last few years due to the worldwide operational deployment of IPv6 from several Internet Service Providers. According to the Cisco Labs measurements, at the end of 2015 the IPv6 transit Autonomous Systems are more than 75% in Western Europe on an average, with some countries reaching even 92%. While a decent amount of research has been performed concerning the IPv6 security implications on local area networks, this is not the case regarding its impact on backbone IP networks. The assumption that the potential attack vectors in IPv6 networks should be the same as in the case of IPv4 is rather naïve given the new functionalities that IPv6 introduces. This study will discuss the most significant IPv6-related security issues on backbone networks, describing why the evasion of Access Control Lists is rather inevitable. Hands-on experimental results of three different well-known vendors will demonstrate these issues. By analysing the root cause of the problem we will be able to propose very specific mitigation techniques, both in terms of device implementation (so as to protect our networks in short-term), but also regarding the philosophy of the Internet Protocol itself and how this should be changed in the long run. ANTONIOS ATLASIS: Antonios Atlasis is an IT Security researcher with a special interest in IPv6 (in)securities. His work has been presented in several IT Security conferences and it has resulted in the discovery of various IPv6-related vulnerabilities. He is the author of Chiron, an IPv6 specialized and very flexible security assessment tool. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604586.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604586.shtml</guid></item>
<item><title>TROOPERSCON - NATTED - A Field Report</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - When introducing IPv6 in a network segment today, this is most often done with a dual stack approach. Continuing to use IPv4 in addition to IPv6 in this segment ensures that communication with other IPv4-only segments is still possible. But this approach has several drawbacks, such as: network administrators won't set up new IPv4 segments, but rather just 'add' IPv6 to the existing segment, security staff has to maintain two firewall rule sets and the number of routes doubles. One way around this could be NAT64 / NAT46. Applied on the border of segments, it enables network devices in IPv4-only segments to talk to devices in the IPv6 segments. Sure, this requires additional configuration on the borders but this effort is much smaller than operating an entire segment dual stack configured. Using this approach one could simply set up an entirely new network segment IPv6-only, thus using all the advantages the huge IPv6 space offers. In addition, in the future when IPv4 is switched off, none of the devices in the segment needs adaptation, but only the border device. To gain practical experiences with this approach we assumed our management networks to be IPv6 only (in fact they are dual stack) and configured required NAT64/46 rules on the border device (Juniper SRX240 HA cluster) to ensure connectivity to the other IPv4-only segments. In the talk we explain this approach in detail, report about our experiences and summarize pros and cons of it. GABRIEL MÜLLER: During his studies in electrical engineering at ETH Zurich Gabriel Mueller specialized on networks and network security. He works as a senior consultant at AWK Group, assisting clients in the public and private sectors as project manager and expert in the network area. In his role as a network administrator at AWK, he regularly gathers practical experience in the company's network. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604585.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604585.shtml</guid></item>
<item><title>TROOPERSCON - Building a Reliable and Secure IPv6 WiFi Network</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - This talk focuses on the peculiarities which must be taken into account when building a wireless LAN with IPv6 support, based on practical experience deploying IPv6 in the Troopers15 WiFi Network. This includes, but is not limited to, the handling of (link-local) multicast in (Cisco) based WiFi controller environments as well as IPv6 First Hop Security mechanisms on the WLC and the underlying wired infrastructure itself. Furthermore we will try to provide statistics of the IPv4/IPv6 ratio for the Troopers15 WiFi Network (e.g. how many clients are dual-stacked) as well as the ratio of IPv4 and IPv6 traffic going to the Internet. CHRISTOPHER WERNY: Christopher has been involved with IPv6 since 2005 and has performed a number of IPv6 planning, implementation and troubleshooting projects / tasks since then. He leads the network security team at ERNW. For More Information Please Visit - https://www.troopers.de/</description><link>http://www.secuobs.com/revue/news/604584.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604584.shtml</guid></item>
<item><title>TROOPERSCON - IPv6 First Hop Security Features on HP Devices</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - In this talk I ll provide an overview which IPv6 First Hop Security  FHS  features are currently available on HP Comware based devices, how those are configured and what actually works  or doesn t  We will have some devices in the room  and this talk will be open end  so we can even explore things in a practical way, next to a number of demos being part of the talk anyway CHRISTOPHER WERNY Christopher has been involved with IPv6 since 2005 and has performed a number of IPv6 planning, implementation and troubleshooting projects   tasks since then He leads the network security team at ERNW For More Information Please Visit - https wwwtroopersde  </description><link>http://www.secuobs.com/revue/news/604583.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604583.shtml</guid></item>
<item><title>TROOPERSCON - Remote Access and Business Partner Connections</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Connecting business partners is the subject of fierce debates in many IPv6 planning teams, as existing architectures from the IPv4 world can not easily be transformed to an IPv6 world for a number of technical reasons and because the overall addressing strategy will change in quite some organizations In this talk I will discuss potential approaches, together with an evaluation of their respective advantages disadvantages and I will try to provide an outlook which types of challenges we ll see in complex setups  and, maybe, how to solve them  ENNO REY Enno Rey  Enno_Insinuator is an old school network security guy who has been involved with IPv6 since 1999 In the last years he has contributed to many IPv6 projects in very large environments, both on a planning and on a technical implementation level For More Information Please Visit - https wwwtroopersde  </description><link>http://www.secuobs.com/revue/news/604582.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604582.shtml</guid></item>
<item><title>TROOPERSCON - Anonymization IPv6 in PCAPs - Challenges and Wins</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Distributing packet capture files  PCAPs  is often required in situations where the information contained in the packets is an important binary log for troubleshooting or identifying verifying attack patterns Since packets usually contain confidential or sensitive information a sanitization needs to be performed before being able to share the files In this talk we'll look at some general challenges as well as how IPv6 has advantages over IPv4 and where it is more complicated to achieve correct results JASPER BONGERTZ Jasper Bongertz is a Senior Technical Consultant at Airbus Defence and Space CyberSecurity and started working freelance in 1992 while he began studying computer science at the Technical University of Aachen In 2009, Jasper became a Senior Consultant and Trainer for Fast Lane, where he created a large training portfolio with a special focus on Wireshark In 2013, he joined Airbus Defence and Space CyberSecurity, focusing on IT security, Incident Response and Network Forensics For More Information Please Visit - https wwwtroopersde  </description><link>http://www.secuobs.com/revue/news/604581.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604581.shtml</guid></item>
<item><title>TROOPERSCON - Advanced IPv6 Network Reconnaissance</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - A lot has happened in the area of  IPv6 Network Reconnaissance  in the last few years For starters, the myth of  IPv6 scanning attacks being infeasible  has been dismantled, and a number of tools have sparked in an attempt to leverage both IPv6 address scans and other IPv6 network reconnaissance techniques This presentation will cover the latest tools  and features  for IPv6 network reconnaissance and, more importantly will release a brand-new tool for comprehensive IPv6 network reconnaissance A must-see must-attend for security practitioners in the need of finding juicy IPv6 nodes, whether for good or not FERNANDO GONT Fernando Gont specializes in the field of communications protocols security, working for private and governmental organizations around the world Gont has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre  NISCC  and the UK Centre for the Protection of National Infrastructure  CPNI  in the field of communications protocols security As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP IP protocol suite, and has performed the first thorough security assessment of the IPv6 protocol suite Gont is currently working as a security consultant and researcher for SI6 Networks Additionally, he is a member of the Centro de Estudios de Informatica  CEDI  at Universidad Tecnológica Nacional Facultad Regional Haedo  UTN FRH  of Argentina, where he works in the field of Internet engineering As part of his work, he is active in several working groups of the Internet Engineering Task Force  IETF , and has published more than twenty IETF RFCs  Request For Comments  and more than a dozen IETF Internet-Drafts Gont has also produced the SI6 Network's IPv6 Toolkit -- a portable and comprehensive 
security assessment and troubleshooting toolkit for the IPv6 protocol suite Furthermore he has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including  CanSecWest 2005, FIRST Technical Colloquium 2005, Kernel Conference Australia 2009, HACKLU 2011, DEEPSEC 2011, Hackito Ergo Sum 2012, Hack In Paris 2013, German IPv6 Kongress 2014, IPv6 Security Summit 2014, and H2HC 2014 Additionally, he is a regular attendee of the Internet Engineering Task Force  IETF  meetings More information about Fernando Gont is available at his personal web site For More Information Please Visit - https wwwtroopersde  </description><link>http://www.secuobs.com/revue/news/604580.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604580.shtml</guid></item>
<item><title>TROOPERSCON - Advanced IPv6 Attacks Using Chiron Training</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - During the IPv6 Security Summit at Troopers 14, Chiron, an all-in-one IPv6 penetration testing framework was released publicly for the first time Since then, the advanced features of Chiron were used to discover some 0-day evasion techniques against high-end commercial and open-source Intrusion Detection   Prevention Systems Moreover, for Troopers 15 it was enhanced with new features, like advanced MLD support and a fake DHCPv6 server, which can be combined with its other features, like the use of arbitrary Extension Headers and fragmentation to leverage really advanced attacks In this workshop, after a quick refresher on the basic capabilities of Chiron, we will focus on the advanced IPv6 functionalities that the framework offers We will not only show how to reproduce the latest published IPv6 attacks, but moreover, how you can create your own arbitrary IPv6 attacking scenarios for your own security assessments or penetration testing purposes A lab will be set up in order not only to reproduce the presented techniques, but to also try your skills and   why not   to discover your own 0-day techniques   Requirements No programming experience or prior knowledge of Chiron are required Some necessary  but not very basic  IPv6 theory will also be given to better explain the demonstrated IPv6 attacks Bring your own Linux device with Python installed, or your favourite Operating System with VirtualBox, and you are good to go  source code and virtual images with all that you need will be provided  ANTONIOS ATLASIS Antonios Atlasis is an IT Security researcher with a special interest in IPv6 (in)securities His work has been presented in several IT Security conferences and it has resulted in the discovery of various IPv6-related vulnerabilities He is the author of Chiron, an IPv6 specialized and very flexible security assessment tool  
RAFAEL SCHAEFER Rafael has studied computer science with a specialization in telecommunication at the Bonn-Rhein-Sieg University of Applied Sciences  Department of Computer Science  His research interests include network and IPv6 security issues He wrote his  highly rated  bachelor thesis on  IDS   Recognition and Validation of IPv6 Extension Header  and works as a security analyst at ERNW GmbH He has presented on IPv6 security issues at several occasions, incl Black Hat Sao Paulo, Black Hat Asia, Black Hat Europe, Troopers and Hacklu For More Information Please Visit - https wwwtroopersde  </description><link>http://www.secuobs.com/revue/news/604579.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604579.shtml</guid></item>
<item><title>TROOPERSCON - Basic Attacks and Mitigation Strategies</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - TROOPERSCON - Basic Attacks and Mitigation Strategies For More Information Please Visit - https wwwtroopersde  </description><link>http://www.secuobs.com/revue/news/604578.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604578.shtml</guid></item>
<item><title>TROOPERSCON - Recent IPv6 Standardization Efforts</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - During the last few years, a number of IPv6 security efforts have sparked at the Internet Engineering Task Force  IETF  -- the organization that standardizes the internet protocols These efforts have been the result of both new IPv6 security research and increased IPv6 operational practice, and have ranged from informational documents aimed at raising awareness and or providing advice to the network operations community, to new protocol features or updates aimed at mitigating security vulnerabilities This presentation will be an updated version of the  now classic  Troopers'  Recent IPv6 Standardization Efforts , but with an increased focus on the practical impact of such efforts, and with broader coverage in terms of work and IETF working groups If you want to know how the recent IETF work will affect the security of your network and or your operational practices, this presentation is for you FERNANDO GONT Fernando Gont specializes in the field of communications protocols security, working for private and governmental organizations around the world Gont has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre  NISCC  and the UK Centre for the Protection of National Infrastructure  CPNI  in the field of communications protocols security As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP IP protocol suite, and has performed the first thorough security assessment of the IPv6 protocol suite Gont is currently working as a security consultant and researcher for SI6 Networks Additionally, he is a member of the Centro de Estudios de Informatica  CEDI  at Universidad Tecnológica Nacional Facultad Regional Haedo  UTN FRH  of Argentina, where he works in the field of Internet engineering As part 
of his work, he is active in several working groups of the Internet Engineering Task Force  IETF , and has published more than twenty IETF RFCs  Request For Comments  and more than a dozen IETF Internet-Drafts Gont has also produced the SI6 Network's IPv6 Toolkit -- a portable and comprehensive security assessment and troubleshooting toolkit for the IPv6 protocol suite Furthermore he has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including  CanSecWest 2005, FIRST Technical Colloquium 2005, Kernel Conference Australia 2009, HACKLU 2011, DEEPSEC 2011, Hackito Ergo Sum 2012, Hack In Paris 2013, German IPv6 Kongress 2014, IPv6 Security Summit 2014, and H2HC 2014 Additionally, he is a regular attendee of the Internet Engineering Task Force  IETF  meetings More information about Fernando Gont is available at his personal web site For More Information Please Visit - https wwwtroopersde  </description><link>http://www.secuobs.com/revue/news/604577.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604577.shtml</guid></item>
<item><title>TROOPERSCON - IPv6 Security Fundamentals</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - TROOPERSCON - IPv6 Security Fundamentals For More Information Please Visit - https wwwtroopersde  </description><link>http://www.secuobs.com/revue/news/604576.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604576.shtml</guid></item>
<item><title>TROOPERSCON - Security Assessment of Microsoft DirectAccess</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - A talk about DirectAccess  an IPv6-only VPN solution  was given by our colleague Ali Hardudi during the IPv6 summit Ali has recently finished his master thesis on this topic The DirectAccess VPN technology was introduced by Microsoft starting from Windows server 2008 It allows users to remotely, seamlessly and securely connect to their internal network resources without a need to provide user credentials, which is done using different technologies such as Windows domain group policies As everything, this technology has advantages and disadvantages It is using pure IPv6 and can work over IPv4 infrastructure, provides bidirectional access and allows for remote management and administration while implementing enhanced security features, but not all Windows OS s are supported, the force tunneling and end-to-end encryption are not always possible, and there is a performance degradation when using IP-HTTPS tunneling The DirectAccess solution is relying on a wide range of technologies, such as  Active Directory Domain Controller  AD DC  IPSEC Public Key Infrastructure  PKI  HTTPS server as Network Location Service  NLS  Name Resolution Policy Table  NRPT  IPv6 tunneling technologies NAT64 DNS64, and others Ali has built a lab and developed two scenarios for assessment  IP-HTTPS default configuration case, and authenticated IP-HTTPS case In these scenarios an attacker is considered to have the following position  He knows URL IP of the DirectAccess server He has a compromised or a trusted certificate Position of attacker is remotely settled or within the local subnet of the client First scenario was the unauthenticated IP-HTTPS case with the following considerations  packets with multicast unicast addresses are not forwarded, and a server replies on behalf of clients, if a client wants to configure an address that is already configured 
For this scenario the following attacks were performed  Scan alive hosts using Ping scan  attacker position is local or remote  Scan for alive DA clients using Duplicate Address  local or remote  Send packets with spoofed IPv6 addresses  local or remote  Denial of Service against IP-HTTPS tunnel  local or remote  Neighbor Cache exhaustion  local or remote  MITM using a trusted certificate  local or remote  MITM by relaying IPSEC packets via attacker s computer  local only  The second scenario was the authenticated IP-HTTPS case with the following features  almost all types of packets are accepted by the DirectAccess, null cipher suites can not be used any more, all the authenticated IP-HTTPS connections are trusted, and the only packets that are not forwarded are those which have unspecified IPv6 source address   The following attacks were performed  Scan for alive DirectAccess clients using Ping scan  attacker position is local or remote  Scan DirectAccess clients for open ports  local or remote  DoS against DirectAccess clients by sending fake Router Advertisement  RA  with randomized prefixes  local or remote  Hijacking IPSEC packets that are sent to the client and cause a DoS  local or remote  DoS DirectAccess client, by sending unsolicited Neighbor Solicitation  NS  with the IPv6 of the DirectAccess server as a source address  local or remote  This assessment has shown that IP-HTTPS is a very critical component, which could be utilized by attackers to perform many IPv6 attacks on both DirectAccess client and server You can have a look at the slides here or watch the video recording on our channel Cheers, Olga For More Information Please Visit - https wwwtroopersde  </description><link>http://www.secuobs.com/revue/news/604575.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604575.shtml</guid></item>
<item><title>TROOPERSCON - Security Evaluation of Dual-Stack Systems</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - This talk presents a measurement study of a current security state regarding to open ports on a direct comparison of IPv4 and IPv6 The study analyses almost 58,000 dual-stacked domains in order to find discrepancies in applied security policies We further discuss the potential reasons and, more importantly, the implications of the identified differences PATRIK FEHRENBACH Coming soon  For More Information Please Visit - https wwwtroopersde  </description><link>http://www.secuobs.com/revue/news/604574.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604574.shtml</guid></item>
<item><title>SkyDogCon 2015  Keynote  Why are you here  - Jason Street</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Jayson E Street is an author of  Dissecting the hack  The F0rb1dd3n Network  from Syngress Also creator of http dissectingthehackcom He has also spoken at DEFCON, DerbyCon, UCON and at several other  CONs and colleges on a variety of Information Security subjects His life story can be found on Google under  Jayson E Street   He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time s persons of the year for 2006 Street works for Pwnie Express For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604573.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604573.shtml</guid></item>
<item><title>SkyDogCon 2015  Keynote  From IT to Pentester - JP Dunning ronin</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Work in IT  Want to make a change  Pen-testing sound like a fun job  The key is to make your job work for you Even outside of a technical job, your  hobbies  can be just as beneficial Breaking into security as a professional can be a tough nut to crack Luckily, we are just the type of people who love to break in This presentation will walk you through some of the advice I was given over the years A lot of what works and what is not worth the stress, along with ways to work with your current position to get into security as a professional If you think this is an overwhelming task, you're wrong Everyone in infosec has their own story, and this presentation may help guide yours For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604572.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604572.shtml</guid></item>
<item><title>SkyDogCon 2015  TSA Luggage Locks  Details, Flaws and Making The Best Of A Bad Lock - IronGeek</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Every lock picker knows that the TSA approved Travel Sentry Safe Skies locks are garbage, but if you don t want your normal checked bags to have their locks cut off, there are only so many options While this knowledge is common to lock sport folks, the average traveler is mostly unaware of it This talk will cover the 7 master keys used by the TSA, non-destructive attack methods to open the locks, efforts to reproduce the master keys by reverse engineering the locks, and what TSA approved locks are the best of a bad situation For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604571.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604571.shtml</guid></item>
<item><title>SkyDogCon 2015  Meaningful Measurement  Feeding the Cyber FUD Monster  - Ian Trump</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Fear, Uncertainty and Doubt  FUD  has become a staple in the cyber-attack measurement and reporting diet Be it sensationalist and hyperbole-filled language, or the lack of any meaningful and consistent measurement methodology, the end result is the same  zero clarity concerning an already complex subject matter which serves to continue rather than counter the cyber-crime threat The public discussion  via media reports  and business insight  through myriad methodologies of mis-measurement  need to be better framed if we as an industry are to truly confront the growing and increasingly expensive problem of cyber-crime Who the criminals were is of less import than how they got in  compromise indicators are more valuable to other businesses than the financial cost to that particular victim The measurement metric dial has moved too far towards attribution and needs to be reset to prevention and a business-based analysis of risk once more For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604570.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604570.shtml</guid></item>
<item><title>SkyDogCon 2015  You Don't Have the Evidence - Scott Moulton</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - SkyDogCon 2015  You Don't Have the Evidence - Scott Moulton For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604569.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604569.shtml</guid></item>
<item><title>SkyDogCon 2015  Hacking Web Apps - Brent White</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know In this talk, I'll go over the different stages of a web application pen test, from start to finish We'll start with tools used during the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of targets  footprint , all the way to tools used for fuzzing parameters to find potential SQL injection vulnerabilities I'll also discuss pro-tips and tricks that I use while conducting a full application penetration assessment After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604568.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604568.shtml</guid></item>
<item><title>SkyDogCon 2015  x   x   1    Except when it doesn't - Redvers Davies</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Remember the  good 'ol days  when rendering video took up 100% of your one CPU  Remember the  bad 'ol days  when the rendering took 100% of _one_ of your four CPUs  The Laws of Physics have finally eaten Moore's law In 10 years expect thousands of slower cores As the number of cores scale, how do we build software that scales with it  For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604567.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604567.shtml</guid></item>
<item><title>SkyDogCon 2015  Hacking Grain  - Jim Manley</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Ever wondered what the difference is between  whisky  and  whiskey  Or what makes bourbon different than Scotch  Or why does this whisky give me a hangover and that one doesn t  This talk is a whirlwind tour of what whisky is, the science and art of how it is made, and how whiskies differ We will also cover organoleptic analysis techniques that will allow you to break a whisky down and uncover the complexities of the aroma and flavor profiles By the end of the session you ll be equipped to confidently answer the  What would you like to drink  question at that important client dinner or meeting with the boss with an answer other than  Red Bull  and vodka  For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604566.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604566.shtml</guid></item>
<item><title>SkyDogCon 2015  Everything You Know About Security is a Lie - Curtis Koenig</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Have you ever considered what it means to be secure  Is the concept of security a mental construct or is it something that is equally quantifiable across people  Several recent studies have shown disparity in the way experts and non-experts act with regards to how they view and act when presented with security choices This talk seeks to examine how  Mostly Hairless Monkeys  MHM  or Humans perceive and act with regards to  security  For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604565.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604565.shtml</guid></item>
<item><title>SkyDogCon 2015  Multirotors for Fun  Hacking - Ron Foster</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Have you ever wanted to build a multirotor  Lets demystify it for you, it is not that hard and really fun For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604564.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604564.shtml</guid></item>
<item><title>SkyDogCon 2015  Staring into the Light - Josh Ruppe</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - When you think of someone performing a standard man in the middle attack, what do you picture in your head  A network tap on copper cables  Someone using a WiFi Pineapple  Well what if the data being intercepted is leaving your home or coffee shop  Would you feel safer if your data was inside an optical fiber  You shouldn't Fiber optics are just as susceptible to tapping as any other method of communication In my demo lab, I will show you how fiber optic tapping works, how to conceal a tapping setup and how to defend against such an attack For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604563.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604563.shtml</guid></item>
<item><title>SkyDogCon 2015  How to Not Cheat on Your Spouse - Joey aka l0stkn0wledge</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - How to Not Cheat on Your Spouse   What Ashley Madison Can Teach Us About OpSec  - l0stkn0wledge Embarrassed spouses everywhere are scurrying for excuses about their infidelity This refresher will look at some lessons we can all take away on how to not get caught up in embarrassing situations Simple steps could have prevented lots of embarrassment and if you need to do something unavoidable you should take lessons from the mistakes of these unfortunate souls For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604562.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604562.shtml</guid></item>
<item><title>SkyDogCon 2015  The Politics of Security Failures - Tom Ruff</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - A light-hearted comparison of how laser beam focus can result in serious problems In software, it usually leaves gaping security holes In politics, it usually leaves gaping holes in my wallet  which I can now recover some of by fixing the gaping security holes in other people's software  For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604561.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604561.shtml</guid></item>
<item><title>SkyDogCon 2015  Security Lessons Learned Sponsoring a Sex Addict - Sarah Clarke</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - What happens when someone in your home comes to you and asks you to help with their sex addiction  A tour through the technical and human issues that must be addressed to provide a solution, a compare and contrast to our larger infosec issues, and the results of the experiment For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604560.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604560.shtml</guid></item>
<item><title>SkyDogCon 2015  Programmers, Players and Pain - Dr Scott</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Dr Scott, from the Weird Medicine Show, returns for a second time to discuss some of the common ailments affecting computer  over-users  He will discuss warning signs, prevention ideas, diagnostic exams and treatment options from an Integrative perspective Dr Scott has been practicing medicine for 14 years, and Dr Steve's sidekick for 7 years, lots of experience and lots of great stories  If you have any specific questions you would like addressed but don't want to ask in public, send him an email prior to the conference For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604559.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604559.shtml</guid></item>
<item><title>SkyDogCon 2015  Vulns in Hunter Exploit Kit - Paul Burbage</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - The Hunter Exploit Kit is available for purchase in underground forums making it easily attainable for miscreants conducting cybercrime campaigns This talk will cover info on previous campaigns including its dropped malware, usage of the exploit kit, and vulnerabilities found in the PHP admin panel For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604558.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604558.shtml</guid></item>
<item><title>SkyDogCon 2015  Fuzzing Basics - Scott M</title><description>Secuobs.com : 2016-04-25 14:46:52 - SecurityTube.Net - Ever wanted to break software  You know you want to... it's fun  In this talk, I will share some tools   techniques that I have used to help improve software by breaking it For More Information Please Visit - http skydogconblogspotin  </description><link>http://www.secuobs.com/revue/news/604557.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604557.shtml</guid></item>
<item><title>Info on 93 million Mexican voters found on an Amazon cloud server</title><description>Secuobs.com : 2016-04-25 13:40:33 - Help Net Security - Sensitive personal information of over 93 million Mexican voters has been found, unprotected and accessible to anyone who knew where to look Last Friday, researcher Chris Vickery shared details of this discovery to the wider public, and the facts are as follows  The data was stored in a publicly accessible MongoDB database, that required no password or authentication to be accessed The database was hosted on an Amazon cloud server, outside of Mexico  in   </description><link>http://www.secuobs.com/revue/news/604556.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604556.shtml</guid></item>
<item><title>SysWeatherAlert</title><description>Secuobs.com : 2016-04-25 13:19:50 - 411 spyware - If you are looking for a reliable application to check the weather report frequently, almost hourly, make sure not to install a program called SysWeatherAlert under any circumstances because it is just one more invasive adware application Unfortunately, our reports show that a rather large number of Internet users already have this devious piece of    </description><link>http://www.secuobs.com/revue/news/604555.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604555.shtml</guid></item>
<item><title>US Government Shames Texting Drivers on Twitter</title><description>Secuobs.com : 2016-04-25 13:13:34 - Slashdot  Your Rights Online - An anonymous reader writes   The National Highway Traffic Safety Administration is the federal body tasked with automotive safety,  reports the Verge, adding  If you look at NHTSA's Twitter feed right now, you'll find that it's just a non-stop stream of burns aimed at people who admit -- sometimes gleefully -- that they text and drive  For example, seeing a tweet that read,  I have no problem texting while driving, but I won't text while going down stairs, the NHTSA replied  You might not have a problem with the texting   drivingbut we do Stay off your phone and  justdrive - it's not worth it  And seeing a tweet that read  I text and drive way too much,  they responded,  Um, agreed Please realize you're putting yourself and others in danger, and a silly text isn't worth it  justdrive  The Verge argues  For what it's worth, NHTSA is right  countless studies have linked texting in the driver's seat with higher accident rates Getting shamed online by a government agency is far harsher than getting shamed by a friend -- but it's still a lot better than getting killed over an email  To which the NHTSA responded on Twitter,  Thanks for the shoutout,  verge   justdrive </description><link>http://www.secuobs.com/revue/news/604554.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604554.shtml</guid></item>
<item><title>Passwords  Just Use Your Head </title><description>Secuobs.com : 2016-04-25 13:06:02 - Hackaday -    Biometrics the technique of using something unique about your body as a security device promises to improve safety while being more convenient than a password Fingerprints, retinal scans, and voice identification have all found some use, although not without limitations Now researchers in Germany want you to use your head, literally SkullConduct measures vibrations of your skull in response to a sonic signal A small prototype was successful and is particularly well suited for something you are holding up to your head anyway, like a smartphone or a headset like a Google Glass There are some limitations, though For one thing, background  read more </description><link>http://www.secuobs.com/revue/news/604553.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604553.shtml</guid></item>
<item><title>Mitigating extension vulnerabilities in template-based applications</title><description>Secuobs.com : 2016-04-25 12:43:31 - Web Application Security Blog   Acunetix -    There are over 43,900 official plugins available for WordPress, another 6,200 for Joomla  and 33,700 for Drupal, not to mention the countless other platforms that are freely and easily accessible The plugins  abilities range from adding photos for a personal website to complex development collaboration platforms It seems there s almost nothing that can t be added,   Read More   The post Mitigating extension vulnerabilities in template-based applications appeared first on Acunetix </description><link>http://www.secuobs.com/revue/news/604552.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604552.shtml</guid></item>
<item><title>InterCloud</title><description>Secuobs.com : 2016-04-25 12:12:54 - Global Security Mag Online - Contact: contact intercloudcom. Year founded: 2010. Activities: Cloud Delivery Platform. Description of the flagship product for 2016: InterCloud, the first private cloud connectivity platform, gives companies visibility and control over the global transport of cloud applications, enabling them to meet the security, compliance, performance and flexibility challenges that come with using cloud applications. Website address:      - CLOUD AND SECURITY </description><link>http://www.secuobs.com/revue/news/604551.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604551.shtml</guid></item>
<item><title>DATA4 and MIX announce a strategic partnership to develop the Italian telecommunications market</title><description>Secuobs.com : 2016-04-25 12:12:54 - Global Security Mag Online - Consolidating its digital hub project, DATA4 Group, a European specialist in ultra-secure, hyper-connected hosting, and MIX (Milan Internet eXchange), the largest Italian Internet Exchange (Internet exchange point) and one of the leading ones in Europe in terms of traffic exchanged, have signed an agreement on the Italian telecommunications market in line with European standards. The agreement signed between MIX (Milan Internet eXchange) and DATA4 marks an important step in the collaboration in Italy    - Business </description><link>http://www.secuobs.com/revue/news/604550.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604550.shtml</guid></item>
<item><title>Robert Bugnet, Managing Director of GMI-Databox: ServerLift for data centers</title><description>Secuobs.com : 2016-04-25 11:07:56 - Global Security Mag Online - Founded in 1980, GMI-Databox specialized in supplying B2B communication equipment and solutions. In 2007, the company broadened its solution portfolio with Daxten and thereby turned to the data center market. For this year, its flagship product is the ServerLift lift, which was designed exclusively for data centers. This range of 4 products allows a single operator to move and install, very efficiently, very precisely and in complete safety,    - Interviews   featured </description><link>http://www.secuobs.com/revue/news/604549.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604549.shtml</guid></item>
<item><title>Western Digital Corp and Veritas market a cloud backup solution</title><description>Secuobs.com : 2016-04-25 11:07:56 - Global Security Mag Online - Western Digital Corporation and Veritas Technologies announce that the HGST Active Archive System solution is certified with the Veritas NetBackup enterprise data protection software. The combined solution, thanks to native configuration and management, offers massively scalable object storage capacity and simplifies backups via a cost-effective private cloud. Companies can thus reduce their administration and infrastructure costs, in particular the high costs associated with    - Products </description><link>http://www.secuobs.com/revue/news/604548.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604548.shtml</guid></item>
<item><title>HP: security and device design are priorities for IT decision-makers</title><description>Secuobs.com : 2016-04-25 11:07:56 - Global Security Mag Online - A new study reveals that, while a quarter of companies across Europe say they suffered a security incident on their devices in the last 12 months, fewer than a third of them (32 percent) fully trust the security level of their IT estate. Among the study's main findings: 90 percent of IT decision-makers say that device security is now a concern for their company. More than three quarters of    - Investigations </description><link>http://www.secuobs.com/revue/news/604547.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604547.shtml</guid></item>
<item><title>QNAP launches its new NASbook TBS-453A model with 4 bays for M2 SSDs</title><description>Secuobs.com : 2016-04-25 11:07:56 - Global Security Mag Online - QNAP  Systems, Inc launches a NAS based on M2-format SSDs, the NASBook TBS-453A. Equipped with a quad-core Intel processor and using M2 SSDs for storage, the TBS-453A not only offers the full feature set of a complete NAS with RAID support in an ultra-compact format, but also includes a physical network switch to share network access with many users. With its compact, near-silent design, its two HDMI outputs capable of    - Products </description><link>http://www.secuobs.com/revue/news/604546.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604546.shtml</guid></item>
<item><title>New FAREIT Strain Abuses PowerShell</title><description>Secuobs.com : 2016-04-25 10:48:38 - TrendLabs Security Intelligence Blog -    In 2014, we began seeing attacks or threats that abused the Windows PowerShell feature At that time, it was uncommon to see threats leveraging this scripting tool as part of the malware s capabilities However, it s also not surprising to see the proliferation of various threats using this feature First of all, users cannot easily spot any malicious behavior on their infected systems since PowerShell runs in the background Secondly, PowerShell has access to the services of the operating system  OS  and it can get usernames, passwords, and other system information As such, this makes it a viable, if not a powerful arsenal for cybercriminals and attackers Post from  Trendlabs Security Intelligence Blog - by Trend Micro New FAREIT Strain Abuses PowerShell </description><link>http://www.secuobs.com/revue/news/604545.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604545.shtml</guid></item>
<item><title>Kim Dotcom and MEGA Ratchet Up War of Words</title><description>Secuobs.com : 2016-04-25 10:47:13 - TorrentFreak -    Kim Dotcom and the site he founded, MEGA, appear to be at war After Dotcom warned users to back up their files last week, MEGA hit back with an attack on the entrepreneur's business plans, noting that his MegaNet project has failed to materialize Unfazed, Dotcom says MEGA is losing a million dollars per month Source  TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services </description><link>http://www.secuobs.com/revue/news/604544.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604544.shtml</guid></item>
<item><title>Waycom</title><description>Secuobs.com : 2016-04-25 10:31:19 - Global Security Mag Online - Contact: Christophe Boitiaux, Marketing and Communications Director. Year founded: 2000. Activities: telecom operator, hosting provider and managed services provider. Description of the flagship product for 2016: Waycom supports companies in setting up international MPLS networks. Customers then benefit from a smooth, secure network across all their sites. Website address: wwwwaycomnet. Services offered on this site: networks and Internet connection, cloud computing, managed services and    - TELECOM OPERATORS - MSSP - MANAGED SERVICES - SECURE HOSTING </description><link>http://www.secuobs.com/revue/news/604543.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604543.shtml</guid></item>
<item><title>Fail Of The Week  Don t Tie Those Serial Lines High</title><description>Secuobs.com : 2016-04-25 10:10:35 - Hackaday -    Fail Of The Week is a long-running series here at Hackaday Over the years we ve been treated to a succession of entertaining, edifying, and sometimes downright sad cock-ups from many corners of the technological and maker world You might think that we Hackaday writers merely document the Fails of others, laughing at others  misfortunes like that annoying kid at school But no, we re just as prone to failure as anyone else, and it is only fair that we eat our own dog food and tell the world about our ignominious disasters when they happen And so we come to my  read more </description><link>http://www.secuobs.com/revue/news/604542.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604542.shtml</guid></item>
<item><title>Top 10 web hacking techniques of 2015</title><description>Secuobs.com : 2016-04-25 10:09:06 - Help Net Security - Now in its tenth year, the Top 10 List of Web Hacking Techniques takes a step back from the implications of an attack to understand how they happen The list is chosen by the security research community, coordinated by WhiteHat Security After receiving 39 submissions detailing hacking techniques discovered in 2015, the following hacks were voted into the top 10 spaces  FREAK  Factoring Attack on RSA-Export Keys  LogJam Web Timing Attacks Made Practical Evading All    More   </description><link>http://www.secuobs.com/revue/news/604541.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604541.shtml</guid></item>
<item><title>Critical flaws in HP Data Protector open servers to remote attacks</title><description>Secuobs.com : 2016-04-25 10:09:06 - Help Net Security - Hewlett Packard has released critical security updates for its HP Data Protector software, which fix vulnerabilities that could allow remote code execution or unauthorized disclosure of information HP Data Protector software is automated backup and recovery software for single-server to enterprise environments, and can be set up on Windows, Unix, and Linux operating systems There are six vulnerabilities in all, with CVE-2016-2004 through CVE-2016-2007 all being considered critical No more details about them have been   More   </description><link>http://www.secuobs.com/revue/news/604540.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604540.shtml</guid></item>
<item><title>Top 10 Most Pirated Movies of The Week   04 25 16</title><description>Secuobs.com : 2016-04-25 10:08:18 - TorrentFreak -    The top 10 most downloaded movies on BitTorrent are in again 'Deadpool' tops the chart this week, followed by 'Zootopia' 'The Jungle Book' completes the top three Source  TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services </description><link>http://www.secuobs.com/revue/news/604539.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604539.shtml</guid></item>
<item><title>EBP Informatique</title><description>Secuobs.com : 2016-04-25 09:52:29 - Global Security Mag Online - Contact: Alice Voegelin. Year founded: 1984. Activities: A French publisher of management software, EBP has supported very small businesses and SMEs since 1984. EBP offers accounting, finance, sales management, payroll and CRM solutions. The company equips business founders, craftspeople, retailers and independent professionals as well as SMEs of up to 250 employees. It also has a range of software dedicated to chartered accountants. Description of the flagship product for    - CLOUD AND SECURITY </description><link>http://www.secuobs.com/revue/news/604538.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604538.shtml</guid></item>
<item><title>Security Slice  The Resurgence of Ransomware</title><description>Secuobs.com : 2016-04-25 09:32:10 - Security Bloggers Network -    Ransomware seems to be everywhere According to Blue Coat Systems  2015 Mobile Malware Report, ransomware is now the top malware threat targeting mobile devices, and it has even begun to infect Apple s Macintosh computers Hospitals across the nation have been significantly impacted by ransomware campaigns What factors are driving this dramatic rise in ransomware  Listen to our   Read More The post Security Slice  The Resurgence of Ransomware appeared first on The State of Security </description><link>http://www.secuobs.com/revue/news/604537.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604537.shtml</guid></item>
<item><title>Attackers opt for discreet methods to spy inside the network</title><description>Secuobs.com : 2016-04-25 09:31:42 - Help Net Security - For its latest report, Vectra analyzed data from 120 customer networks comprised of more than 13 million hosts over the first quarter of 2016 All organizations showed signs of targeted attacks including internal reconnaissance, lateral movement or data exfiltration Of the 120 participating organizations, 117 detected at least one of these behaviors during each month of the study Despite that nearly 98 percent of organizations detected at least one behavior per month during the three-month   More   </description><link>http://www.secuobs.com/revue/news/604536.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604536.shtml</guid></item>
<item><title>GMI-Databox</title><description>Secuobs.com : 2016-04-25 09:13:55 - Global Security Mag Online - Contact: Robert Bugnet. Year founded: 1980. Activities: innovative infrastructure solutions for data centers. Description of the flagship product for 2016: ServerLift - the Server Lift lifts were designed exclusively for data centers. 4 manual and electric models allow a single operator to move and safely install equipment weighing up to several hundred kilos and up to 2.60m. With more than 300 units sold in Europe per year, Daxten   GMI-databox    - DATA CENTER EQUIPMENT </description><link>http://www.secuobs.com/revue/news/604535.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604535.shtml</guid></item>
<item><title>Most organizations still lack visibility into database assets</title><description>Secuobs.com : 2016-04-25 08:54:26 - Help Net Security - Only 19 percent of organizations have what the organization considers to be  excellent  visibility into their data and database assets, according to Osterman Research and DB Networks This level of visibility is necessary to rapidly identify a data breach Furthermore, 47 percent of those surveyed do not have an assigned team or even an individual to oversee the security of their databases  This study reveals there s a clear shift beginning to occur in information security   More   </description><link>http://www.secuobs.com/revue/news/604534.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604534.shtml</guid></item>
<item><title>Week in review  Opera's VPN is just a proxy, GDPR compliance, hacking traffic sensors</title><description>Secuobs.com : 2016-04-25 08:18:47 - Help Net Security - Here's an overview of some of last week's most interesting news and articles  Hacking Team hacker explains how he did it In a Pastebin post, he shared that he exploited a zero-day vulnerability in an embedded device deployed inside the company's network in order to gain a foothold in the network  He declined to give more details about the vulnerabilities, as they are still not patched  Over 3 million servers running outdated JBoss software open   More   </description><link>http://www.secuobs.com/revue/news/604533.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604533.shtml</guid></item>
<item><title>Compromised credentials still to blame for many data breaches</title><description>Secuobs.com : 2016-04-25 08:18:47 - Help Net Security - Compromised credentials are still the cause of almost a quarter of all data breaches, according to the Cloud Security Alliance  CSA  Data breaches, account hijacking and malicious insiders all rated as top threats These attacks often occur because of a lack of scalable identity access management systems, failure to use multifactor authentication, insufficient password use and a lack of ongoing automated rotation of cryptographic keys, passwords and certificates It s not surprising that insufficient identity, credential   More   </description><link>http://www.secuobs.com/revue/news/604532.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604532.shtml</guid></item>
<item><title>Poopable Cameras</title><description>Secuobs.com : 2016-04-25 07:16:08 - Hackaday -    Pill cameras, devices for  capsule endoscopy , or in much cruder terms,  poopable cameras , are exceedingly cool technology They're astonishingly small, communicate through a gastrointestinal tract to the outside world, and have FDA certification These three facts also mean pill cameras are incredibly expensive, but that doesn't mean a hardware hacker can't build their own, and that's exactly what  friarbayliff  is doing for his entry into The Hackaday Prize First things first   friarbayliff  is not building one of these for human consumption That's a morass of regulatory requirements and ethical issues This pill camera is only being built as an experiment, because  read more </description><link>http://www.secuobs.com/revue/news/604531.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604531.shtml</guid></item>
<item><title>Remove a role using PowerShell</title><description>Secuobs.com : 2016-04-25 06:10:52 - Security Bloggers Network - Remove a role using PowerShell from Azure AD read more </description><link>http://www.secuobs.com/revue/news/604530.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604530.shtml</guid></item>
<item><title>Using Azure AD Privileged Identity Management</title><description>Secuobs.com : 2016-04-25 06:10:52 - Security Bloggers Network - Protect privileged accounts in Azure AD with a great capability read more </description><link>http://www.secuobs.com/revue/news/604529.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604529.shtml</guid></item>
<item><title>Cybercriminals Launch Malicious Malvertising Campaign, Thousands of Users Affected</title><description>Secuobs.com : 2016-04-25 06:10:52 - Security Bloggers Network - We've recently intercepted, a currently ongoing malicious malvertising attack, affecting thousands of users globally, potentially exposing their PCs, to, a multitude of malicious software, compromising, the, integrity, confidentiality, and, availabilit </description><link>http://www.secuobs.com/revue/news/604528.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604528.shtml</guid></item>
<item><title>Analyzing the Bill Gates Botnet   An Analysis</title><description>Secuobs.com : 2016-04-25 06:10:52 - Security Bloggers Network - We've, recently, intercepted, a high-profile, Linux-based, botnet-driven, type of, malicious, software, that's capable, of launching, a multitude of malicious attacks, on, compromised servers, potentially, exposing, the, integrity, confidentiality, and </description><link>http://www.secuobs.com/revue/news/604527.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604527.shtml</guid></item>
<item><title>Congress to US spy chief  Tell us how many Americans were ensnared by PRISM</title><description>Secuobs.com : 2016-04-25 06:10:52 - Security Bloggers Network - The executive branch was hoping that Congress would reauthorize a number of surveillance programs without asking too many questions Well, think again </description><link>http://www.secuobs.com/revue/news/604526.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604526.shtml</guid></item>
<item><title>MazarBOT Android Malware Distributed via SMS Spoofing Campaign</title><description>Secuobs.com : 2016-04-25 06:10:52 - Security Bloggers Network -    In the fall of 2015, Heimdal Security detected a post-office email scam targeting unsuspecting Danish users The campaign sent out fake emails purporting to originate from PostNord and Post Denmark When clicked on, the infected emails downloaded Cryptolocker2 ransomware onto users  machines Several months later, Heimdal has now spotted another scam campaign spoofing legitimate organizations   Read More The post MazarBOT Android Malware Distributed via SMS Spoofing Campaign appeared first on The State of Security </description><link>http://www.secuobs.com/revue/news/604525.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604525.shtml</guid></item>
<item><title>From Trash To TV</title><description>Secuobs.com : 2016-04-25 04:15:05 - Hackaday -    In days gone by, when TVs had CRTs and still came in wooden cabinets, a dead TV in a dumpster was a common sight Consumer grade electronic devices of the 1960s and  70s were not entirely reliable, and the inside of a domestic TV set was not the place for them to be put under least stress If you were electronic-savvy you could either harvest these sets as a source of free components, or with relative ease fix them for a free TV set With today s LCDs, integrated electronics, and electronic waste regulations, the days of free electronics in every  read more </description><link>http://www.secuobs.com/revue/news/604524.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604524.shtml</guid></item>
<item><title>Church website hacked by extremist Islamic group</title><description>Secuobs.com : 2016-04-25 02:45:19 - Office of Inadequate Security - Rebecca Russell reports that the website of the Lamont Christian Reformed Church in Michigan was defaced with a message </description><link>http://www.secuobs.com/revue/news/604523.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604523.shtml</guid></item>
<item><title>HPR2016  Echoprint</title><description>Secuobs.com : 2016-04-25 02:11:03 - Hacker Public Radio - Ken's message asking about programmatically checking for the intro and outro  http threadgmaneorg gmanenetworksyndicationpodcasthacker-public-radio 1039 The Echoprint website  http echoprintme Codegen source code  https githubcom echonest echoprint-codegen Echoprint - An Open Music Identification Service  https wwweecolumbiaedu dpwe pubs EllisWP11-echoprintpdf Server source codehttps githubcom echonest echoprint-server </description><link>http://www.secuobs.com/revue/news/604522.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604522.shtml</guid></item>
<item><title>Hackaday Links  April 24, 2016</title><description>Secuobs.com : 2016-04-25 01:08:38 - Hackaday -    The Internet Archive has a truck Why  Because you should never underestimate the bandwidth of a truck filled with old manuals, books, audio recordings, films, and everything else the Internet Archive digitizes and hosts online This truck also looks really, really badass A good thing, too, because it was recently stolen  Jason Scott  got the word out on Twitter and eagle-eyed spotters saw it driving to Bakersfield The truck of awesome was recovered, and all is right with the world The lesson we learned from all of this  Steal normal cars Wait Don t steal cars, but if you do, steal  read more </description><link>http://www.secuobs.com/revue/news/604521.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604521.shtml</guid></item>
<item><title>Analyzing the Bill Gates Botnet - An Analysis</title><description>Secuobs.com : 2016-04-24 23:16:37 - Dancho Danchev's Blog   Mind Streams of Information Security Knowledge - We've, recently, intercepted, a high-profile, Linux-based, botnet-driven, type of, malicious, software, that's capable, of launching, a multitude of malicious attacks, on, compromised servers, potentially, exposing, the, integrity, confidentiality, and, availability, of, the compromised servers Malicious attackers, often rely, on the use of compromised servers, for, the purpose, of, utilizing </description><link>http://www.secuobs.com/revue/news/604520.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604520.shtml</guid></item>
<item><title>YIFY Speaks  Confessions Of A Movie Piracy Icon</title><description>Secuobs.com : 2016-04-24 22:40:32 - TorrentFreak -    For several years YTS YIFY was one of Hollywood's biggest arch-rivals, but that suddenly ended late last year after its founder was threatened with a multi-million dollar lawsuit Today, YIFY speaks for the first time after the shutdown About how it all started, fans, haters, movie piracy and his accomplishments Source  TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services </description><link>http://www.secuobs.com/revue/news/604519.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604519.shtml</guid></item>
<item><title>DIY Spot Welder Doesn't Look Like it Will Immediately Kill You</title><description>Secuobs.com : 2016-04-24 22:06:55 - Hackaday -    We love hacks that involve mains voltage, but most of the time, for safety's sake, we secretly hope for that one macabre commenter that details every imaginable way the questionable design choices will result in death This spot welder may still be dangerous, but it looks like they took some precautions to make it non-lethal, and that counts for a lot After their extremely questionable high speed belt sander, this one is, refreshingly, extremely well done It starts off as a dead standard microwave spot welder build  take apart microwave, try not to die from large capacitor, remove coil, modify  read more </description><link>http://www.secuobs.com/revue/news/604518.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604518.shtml</guid></item>
<item><title>Data Exfiltration Toolkit  DET </title><description>Secuobs.com : 2016-04-24 22:05:48 - SecTechno - </description><link>http://www.secuobs.com/revue/news/604517.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604517.shtml</guid></item>
<item><title>Cybercriminals Launch Malicious Malvertising Campaign, Thousands of Users Affected</title><description>Secuobs.com : 2016-04-24 21:30:10 - Dancho Danchev's Blog   Mind Streams of Information Security Knowledge - We've recently intercepted, a currently ongoing malicious malvertising attack, affecting thousands of users globally, potentially exposing their PCs, to, a multitude of malicious software, compromising, the, integrity, confidentiality, and, availability, of, their, PCs The campaign relies on the Angler Web malware exploitation kit, for, the, purpose of serving malicious software, on the, PCs, </description><link>http://www.secuobs.com/revue/news/604516.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604516.shtml</guid></item>
<item><title>Plexitube Owl Clock Watches You Sleep</title><description>Secuobs.com : 2016-04-24 19:05:17 - Hackaday -    Wait, plexitube  Is that a typo  Surely we mean Nixie tubes  For a Christmas project  Kurt  wanted to build some owl-inspired clocks   with a bit of a retro feel Given the complexities of finding and using actual Nixie tubes, he went with an alternative   a Plexitube Plexitubes look like futuristic Nixie tubes They can have different stylized numbers They're crisp, they're bright, and they are completely customizable They're made of edgelit acrylic  By laser etching the design onto pieces of acrylic and feeding LED light into the edge, very much like how a light-pipe works, it's possible to have  read more </description><link>http://www.secuobs.com/revue/news/604515.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604515.shtml</guid></item>
<item><title>WA  Vancouver student expelled for hacking high school email system</title><description>Secuobs.com : 2016-04-24 19:02:24 - Office of Inadequate Security - KPTV reports  A Vancouver Public School District spokesperson said Skyview High School email system was hacked early Tuesday </description><link>http://www.secuobs.com/revue/news/604514.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604514.shtml</guid></item>
<item><title>Millions of porn accounts for sale on dark web</title><description>Secuobs.com : 2016-04-24 17:57:31 - Office of Inadequate Security - Looks like I missed a breach report from weeks ago. Troy Hunt writes: Today I've been looking at the Naughty America data </description><link>http://www.secuobs.com/revue/news/604513.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604513.shtml</guid></item>
<item><title>Hundreds of Google Play Apps Compromised, Lead to Mobile Malware</title><description>Secuobs.com : 2016-04-24 17:23:26 - Dancho Danchev's Blog   Mind Streams of Information Security Knowledge - Malicious attackers have managed to infiltrate and populate Google Play with hundreds of rogue applications, exposing users to mobile malware, compromising the integrity of their devices, and exposing them to misleading advertisements. Once a socially engineered user obtains the application and executes it on their device, the malware phones back to a malicious</description><link>http://www.secuobs.com/revue/news/604512.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604512.shtml</guid></item>
<item><title>Is the Bank of Bangladesh ready for the Global Economy?</title><description>Secuobs.com : 2016-04-24 16:48:05 - Security Bloggers Network - On February 4, 2016, more than $100 Million USD were stolen from the Bank of Bangladesh's foreign exchange reserves housed at the Federal Reserve Bank in New York. The hackers had actually attempted to steal US$951 Million, in a series of three dozen SWIFT wire transfers, but were thwarted when an alert staff member found some suspicious misspellings in the name of the organization used for the fifth transfer. Five transfers were completed totaling US$101 Million, although a $20M transfer to a non-profit organization in Sri Lanka was reversed due to the spelling error, which called them "Shalika Fandation" instead of "Foundation," causing a deeper look at the transfer, and stopping an additional US$850 Million of queued transfers to other organizations. Stealing $1 Billion is huge, but especially for Bangladesh, whose total foreign currency holdings are $27 Billion. The four successful transfers, totaling US$81 Million, were sent to an account in the Philippines at Rizal Commercial Banking Corporation. Hearings held by the Philippines Senate revealed that these accounts had been opened nine months earlier by two Chinese residents. Kim Wong (AKA Kam Sin Wong) claims that he only acted as an interpreter to assist two other Chinese nationals, Gao Shu Hua and Ding Zhi Ze, from Beijing and Macau. Gao and Wong are "junket operators" who are among the many small boat captains who are thought to ferry gamblers between the casinos in Macau and the Philippines. In a series of quick financial operations, the funds were transferred from the Philippines to three large local casinos: Midas Hotel and Casino, City of Dreams, and Solaire Resort and Casino, and then wired back to various international accounts, using the common trick of laundering the money by claiming it as gambling proceeds. Fortune magazine reported that in the
case of Solaire, the $29 Million was credited to the account of a Macau-based high-rolling gambler. Somehow I don't think this is what Solaire was thinking of when they advertise "The Great Exchange". At least one Philippine Senator, Sergio Osmeña III, claims that this is a planned loop hole in the Anti-Money Laundering Act. Casinos lobbied the Senate heavily as the bill was being considered, and as a result, they are exempt from reporting suspicious financial transfers that most other commercial businesses are required to report. RCBC and Maia Santos-Deguito: The Epoch Times reports that in at least one of these transfers, $22 Million was placed into the Jupiter Street branch of Philippines RCBC and $427,000 of those funds were withdrawn in cash and loaded into the car of Maia Santos Deguito, the brand manager. The withdrawal was handled by Deguito's assistant, Angela Torres, who had the money delivered by armored car, took the money and placed it in a box, which was then transferred to a paper bag and placed in the branch manager's car. GMA News picks up the story of testimony from bank employees. A bank employee said in testimony that Deguito told him, "I would rather do this than me being killed or my family," claiming that her life had been threatened if she refused to participate in the illegal activity. But when deposed herself, Deguito says her life was never threatened. The transfers from the Federal Reserve Bank of New York came to RCBC accounts under the names Michael F Cruz, Jessie C Lagrosas, Alfred S Vergara, and Enrico T Vasquez. From there, $66M was withdrawn and consolidated into an account in the name of William So Go. Deguito claims that Kim Wong, the front man for the Chinese pair, was a "friend of bank President and CEO Lorenzo V Tan". Tan denies this, although he admits having seen Wong on a number of occasions. The Treasurer of RCBC, Raul Victor Tan, has resigned out of decency and
honor, and despite his lack of involvement. Branch Manager Deguito reported to him and is largely believed to be the main point of contact between the bank and Gao Shu Hua. RCBC's president was also placed on leave from March 23rd. The Central Bank Governor in Bangladesh, Atiur Rahman, has been forced to resign as well. My security is so bad that I'm suing you: According to The Epoch Times, the Bank of Bangladesh hired FireEye to investigate the situation. The initial FireEye report, released March 16th, indicated that at least 32 compromised assets had been identified that were part of a complex malware scheme for harvesting credentials needed for the SWIFT transfers and erasing logs of the activity in question. In much the same way that small businesses have attempted to file lawsuits against their banks when their lack of security has led to malware infections that drained their accounts, the Bank of Bangladesh announced through Finance Minister AMA Muhith that they would sue the Federal Reserve Bank of New York. In Al-Jazeera, Muhith is quoted as saying "We've heard that Federal Reserve Bank of New York has completely denied their responsibility. They don't have any right." But much like the small businesses who have lost those lawsuits once their ineptitude was put on display, Bank of Bangladesh may have trouble claiming the problem resided at the Fed. On Friday, April 22nd, Reuters and BBC both released stories exposing the horrible security at Bank of Bangladesh. The Reuters' headline read "Bangladesh Bank exposed to hackers by cheap switches, no firewall: police" while the BBC headline pronounced "$10 router blamed in Bangladesh bank hack". A forensic investigator working on the Bangladesh team, Mohammad Shah Alam, says the investigation was complicated by the lack of log files available on these discount routers, but the larger problem is the illustrated lack of any care about security that choosing such a device indicates in
the first place. It should be acknowledged that this contradicts the bank's statement that their firewall was penetrated by a sophisticated cyber attack: "The central bank had put 'zero tolerance security' and robust firewalls in place in the back office of its foreign currency division. But the cyber gang used a powerful malware to break the firewall and managed to send fake payment orders to the US bank, added the official." -- source: wwwasianewsnetwork content bangladesh-bank-installing-monitoring-software-11440 Who can Join Our Network? The bigger question raised in the Reuters story, though, is what responsibility should the western banking world hold in requesting to evaluate the security of those who would attach themselves to the trillions of dollars per day global financial markets? In the United States our regulations require that a holder of Personally Identifiable Information should require proof of the security of those they interact with in a wide variety of settings. HIPAA, the ruleset for protecting the privacy of your medical records, began requiring HIPAA-covered entities to take responsibility for the security of their vendors who may interact with sensitive records in 2013 2014. (See for example this story in IAPP -- "HIPAA Changes Mean Tightening Up Vendor Relationships".) In the same way the Payment Card Industry standard, PCI, that protects the privacy of credit card information also requires any covered entity to perform Due Diligence of their third party vendors. (See their 47 page guidance on the subject, "Information Supplement: Third-Party Security Assurance".) So if my Hospital is not allowed to exchange patient data with an insurance company before checking the security of their networks, systems, and applications, and my Grocery Store is not allowed to exchange credit card information with a financial services company before checking the security of their networks, systems, and applications, why would SWIFT and the
Federal Reserve Bank system be allowed to move billions of dollars on behalf of banks that don't have a firewall and have $10 routers bought second hand off the Internet? SWIFT has announced they would be issuing "written guidance" to ensure their members are practicing proper security methods. Hopefully these are more robust than those in their 2012 Whitepaper "CPSS-IOSCO's Principles for Financial Market Infrastructures". (To learn more see "SWIFT: Information Security".) Probably because we are trying to lower the barriers of entry to banks from depressed economies. Is it "fair" to require one of the poorest nations in the world to have to spend the same type of money that western nations spend on Internet security? Perhaps not. But until we do, these emerging economies are going to be a continual and growing target of the cyber criminals that are willing to invest "western-style" funds to accomplish heists that are truly worthy of a Hollywood movie. </description><link>http://www.secuobs.com/revue/news/604511.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604511.shtml</guid></item>
<item><title>Improvements in CI environment and workflow change</title><description>Secuobs.com : 2016-04-24 16:48:05 - Security Bloggers Network - Roughly one and a half year ago we at the rsyslog project started to get serious with CI, that time with travis only Kudos to Thomas D  whissi  for suggesting this and helping us to setup the initial system In aid of CI, we have changed to a purely  </description><link>http://www.secuobs.com/revue/news/604510.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604510.shtml</guid></item>
<item><title>SMS phishing attackers continue to pursue Apple users</title><description>Secuobs.com : 2016-04-24 16:48:05 - Security Bloggers Network - You would be wrong to think that this is just an attempt by the criminals to steal your Apple ID password - bad as that would be. It's much worse than that. Read more in my article on the We Live Security blog. </description><link>http://www.secuobs.com/revue/news/604509.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604509.shtml</guid></item>
<item><title>Encryption Technology and Law Enforcement Technology Testified</title><description>Secuobs.com : 2016-04-24 16:48:05 - Security Bloggers Network - Encryption Technology and Law Enforcement: Technology and law enforcement officials testified at a hearing on the use of encryption technology. </description><link>http://www.secuobs.com/revue/news/604508.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604508.shtml</guid></item>
<item><title>The Johns Hopkins Foreign Affairs Symposium Presents  The Price of Privacy  Re-Evaluating the NSA</title><description>Secuobs.com : 2016-04-24 16:48:05 - Security Bloggers Network - The Johns Hopkins Foreign Affairs Symposium Presents The Price of Privacy: Re-Evaluating the NSA </description><link>http://www.secuobs.com/revue/news/604507.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604507.shtml</guid></item>
<item><title>Security Sense: If I Can Verify Data Breaches, so Can Those Who Are Breached</title><description>Secuobs.com : 2016-04-24 16:48:05 - Security Bloggers Network - Companies are often slow to acknowledge they've suffered a data breach, but verification of a publicly leaked breach is often the easy bit. </description><link>http://www.secuobs.com/revue/news/604506.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604506.shtml</guid></item>
<item><title>Will a Smartphone Replace Your PC </title><description>Secuobs.com : 2016-04-24 16:48:05 - Security Bloggers Network -  </description><link>http://www.secuobs.com/revue/news/604505.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604505.shtml</guid></item>
<item><title>Mexico launches criminal probe into exposure of voter information</title><description>Secuobs.com : 2016-04-24 16:46:16 - Office of Inadequate Security - Dell Cameron reports: Mexican authorities have begun criminal proceedings into a data theft incident said to affect more </description><link>http://www.secuobs.com/revue/news/604504.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604504.shtml</guid></item>
<item><title>Started working on new book "Measuring Software Quality using Application Security"</title><description>Secuobs.com : 2016-04-24 16:45:56 - Dinis Cruz Blog - Over the 3 weeks I spent in the US (in an RV with family) I started working on a book based on the ideas shown at the "New Era of Software with modern Application Security" presentation (v10). The current title is "Measuring Software Quality using Application Security" and it is going to be published at LeanPub: https://leanpub.com/Software_Quality All content is hosted on the public GitHub repo https://github.com/DinisCruz/Book_Software_Quality/tree/master/content, where you can also see a number of issues I plan to address (including areas for research). I am currently in the brain dump stage of development, where I'm adding the content I want to talk about (in a kinda-structured way). The idea is to expand the bullet points into text and normalise the content in logical areas (some topics already have a first pass at expanding the ideas into final text). Let me know if you want a copy of the latest version of PDF (and please register your interest at Leanpub's site). Here is what the current version looks like (which is at 80 pages). </description><link>http://www.secuobs.com/revue/news/604503.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604503.shtml</guid></item>
<item><title>Energy Monitor Optically Couples to Smart Meter</title><description>Secuobs.com : 2016-04-24 16:13:13 - Hackaday - Hackers love to monitor things. Whether it's the outside temperature or the energy used to take a shower, building a sensor and displaying a real-time graph of the data is hacker heaven. But the most interesting graphs come from monitoring overall power use, and that's where this optically coupled smart-meter monitor comes in. Michel's meter reader is pretty straightforward. His smart wattmeter is equipped with an IR LED that pips for every watt-hour consumed, so optical coupling was a natural approach. The pulse itself is only 10 ms wide, so he built a pulse stretcher to condition the pulse for</description><link>http://www.secuobs.com/revue/news/604502.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604502.shtml</guid></item>
<item><title>Small Experiments in DIY Home Security</title><description>Secuobs.com : 2016-04-24 13:02:09 - Hackaday - Dann Albright writes about some small experiments he's done in home security. He starts with the simplest, which is to purchase an off the shelf web camera and hook it up to software built to do the task. The first software he uses is the free iSpy open source software. This adds basic features like motion detection, time stamping, logging, and an interface. He also explores other commercial options. Next he delves a bit deeper. He starts by making a simple motion detector. When the Arduino detects motion using a PIR sensor it gets a computer to text an alert</description><link>http://www.secuobs.com/revue/news/604501.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604501.shtml</guid></item>
<item><title>Does "Piracy" Make Copyright Infringers Sound Cool?</title><description>Secuobs.com : 2016-04-24 11:33:43 - TorrentFreak - According to the IFPI's head of anti-piracy, calling illegal downloading "piracy" has become somewhat of a hindrance. Those confronted with the term are more likely to romanticize the topic, Graeme Grant suggests, but can simply changing the name of something really change the beast? </description><link>http://www.secuobs.com/revue/news/604500.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604500.shtml</guid></item>
<item><title>Click Here for the latest Digital Forensics   Cyber Crime News</title><description>Secuobs.com : 2016-04-24 11:15:54 - Digital Forensics Magazine  Investigating the digital world - CLICK HERE NOW TO Get all the latest News Directly from our BLOG. All our latest news is published directly on our blog where you can provide feedback, comments and connect directly with us. DFMag Click here now to be taken directly to the latest and most relevant news articles. </description><link>http://www.secuobs.com/revue/news/604499.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604499.shtml</guid></item>
<item><title>Gear Clock Uses Stepper Motor</title><description>Secuobs.com : 2016-04-24 10:03:48 - Hackaday - Rjeuch liked a wooden clock he saw on the Internet, but the gears were produced with a proprietary software tool. So he built his own version. Unlike the original, however, he chose to use a stepper motor to drive the hands. The clock's gears aren't just for show, and the post does a good job explaining how the gears work, how you might customize them, and how they fit together. The clock's electronics rely on an Arduino. The issue with an Arduino, of course, is that the time base isn't always good enough to keep time over long periods. To fix</description><link>http://www.secuobs.com/revue/news/604498.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604498.shtml</guid></item>
<item><title>Magical Blinky Capacitive Sensing Tweezers</title><description>Secuobs.com : 2016-04-24 07:22:17 - Hackaday - Electronic tweezers, the kind that can test the voltage between two contacts, the resistance of an SMD resistor, or the capacitance of a circuit, are very cool and very useful if somewhat expensive. We've seen commercial versions of these smart tweezers, hacks to make them more useful, and homebrew versions that still work very well. All of these versions are pretty large, as far as tweezers go. kodera2t's version of electronic tweezers submitted for this year's Hackaday Prize goes in the other direction: it's the smallest set of electronic tweezers that's still useful. kodera's electronic sensing tweezers only measure</description><link>http://www.secuobs.com/revue/news/604497.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604497.shtml</guid></item>
<item><title>Home Made Pen Plotter</title><description>Secuobs.com : 2016-04-24 04:16:27 - Hackaday - As someone who started using computers in the last century, I find the current resurgence of pen plotters somewhat nostalgic. The difference, of course, is that this century it is easier to make your own, which is what Miguel Sanchez is doing. Inspired by the Axidraw, he is making his own pen plotter. He's made great progress so far, creating a design that looks quite simple to build. His design is driven by an Arduino Uno with a stepper shield, a couple of NEMA 17 stepper motors and a servo to raise and lower the pen. Throw in a few rods,</description><link>http://www.secuobs.com/revue/news/604496.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604496.shtml</guid></item>
<item><title>'I Hacked Facebook -- and Found Someone Had Beaten Me To It'</title><description>Secuobs.com : 2016-04-24 03:49:38 - Slashdot  Your Rights Online - An anonymous reader shares an article on The Register: A bug bounty hunter compromises a Facebook staff server through a sloppy file-sharing webapp -- and finds someone's already beaten him to it by backdooring the machine. The pseudo-anonymous penetration tester Orange Tsai, who works for Taiwan-based outfit Devcore, banked $10,000 from Facebook in February for successfully drilling into the vulnerable system. According to Tsai, he or she stumbled across malware installed by someone else that was stealing usernames and passwords of FB employees who logged into the machine. The login credentials were siphoned off to an outside computer. According to Facebook security engineer Reginaldo Silva, the password-slurping malware was installed by another security researcher who had earlier poked around within Facebook's system in an attempt to snag a bug bounty. </description><link>http://www.secuobs.com/revue/news/604495.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604495.shtml</guid></item>
<item><title>From Uber To Eric Schmidt, Tech Is Closer To the US Government Than You'd Think</title><description>Secuobs.com : 2016-04-24 02:04:16 - Slashdot  Your Rights Online - An anonymous reader shares an article on The Guardian: Alphabet's executive chairman, Eric Schmidt, recently joined a Department of Defense advisory panel. Facebook recently hired a former director at the US military's research lab, Darpa. Uber employs Barack Obama's former campaign manager David Plouffe and Amazon.com tapped his former spokesman Jay Carney. Google, Facebook, Uber and Apple collectively employ a couple of dozen former analysts for America's spy agencies, who openly list their resumes on LinkedIn. These connections are neither new nor secret. But the fact they are so accepted illustrates how tech's leaders -- even amid current fights over encryption and surveillance -- are still seen as mostly US firms that back up American values. Christopher Soghoian, a technologist with the American Civil Liberties Union, said low-level employees' government connections matter less than leading executives' ties to government. For instance, at least a dozen Google engineers have worked at the NSA, according to publicly available records on LinkedIn. And, this being Silicon Valley, not everyone who worked for a spy agency advertises that on LinkedIn. Soghoian, a vocal critic of mass surveillance, said Google hiring an ex-hacker for the NSA to work on security doesn't really bother him. "But Eric Schmidt having a close relationship with the White House does," he said. Danny Yadron said, "What's worse for a Silicon Valley executive: ties to the Chinese military or friends in the US Defense Department?" </description><link>http://www.secuobs.com/revue/news/604494.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604494.shtml</guid></item>
<item><title>Arduino Quadcopter Game Uses Serial Monitor</title><description>Secuobs.com : 2016-04-24 01:23:54 - Hackaday - Every new generation of computers repeats the techniques used by the earlier generations. Kim Salmi created an ASCII-based quadcopter simulation game using an Arduino that displays on the Arduino serial monitor. The modern twist is the controller: an accelerometer supplements the joystick for immersive play. And of course there are flashing LEDs. An Arduino Uno provides the processing power and drives the serial monitor. A joystick and a Hitachi H48C accelerometer are mounted on a breadboard and wired to the Uno. The tilting of the accelerometer controls the height and left-right motion of the quadcopter on the screen. The joystick</description><link>http://www.secuobs.com/revue/news/604493.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604493.shtml</guid></item>
<item><title>Dutch Police Seize Encrypted Communication Network With 19,000 Users</title><description>Secuobs.com : 2016-04-23 22:54:07 - Slashdot  Your Rights Online - An anonymous reader writes: Dutch police have seized and shut down Ennetcom, an encrypted communications network with 19,000 users, according to Reuters. The network's 36-year-old owner, Danny Manupassa, has also been arrested, and faces charges of money laundering and illegal weapons possession, while the information obtained in the seizure may also be used for other criminal prosecutions. "Police and prosecutors believe that they have captured the largest encrypted network used by organized crime in the Netherlands," prosecutors said in a statement. "Although using encrypted communications is legal," Reuters reports, "many of the network's users are believed to have been engaged in 'serious criminal activity,' said spokesman Wim de Bruin of the national prosecutor's office, which noted that the company's modified phones have repeatedly turned up in cases involving drugs, criminal motorcycle gangs, and gangland killings." A spokesman for the National Prosecutor's office "declined to comment on whether and how police would be able to decrypt information kept on the servers." </description><link>http://www.secuobs.com/revue/news/604492.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604492.shtml</guid></item>
<item><title>Camera Slider Helps get the Shots with E-Waste Controller</title><description>Secuobs.com : 2016-04-23 22:16:04 - Hackaday - A camera slider is an accessory that can really make a shot. But when your business is photography rather than building camera accessories, quick-and-dirty solutions often have to suffice. Thus the genesis of this camera slider controller. The photographer in question is Paulo Renato, and while his passion may be photography, he seems to have a flair for motorized dollies and sliders. This controller is a variable-speed, reversible, PIC-based design that drives an eBay gearmotor. The circuit lives on a scrap of perfboard, and it along with batteries and a buck converter are stuffed into the case-modded remains of an</description><link>http://www.secuobs.com/revue/news/604491.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604491.shtml</guid></item>
<item><title>Does Your Email Provider Know What A "Joejob" Is?</title><description>Secuobs.com : 2016-04-23 20:21:24 - That grumpy BSD guy - Anecdotal evidence seems to indicate that Google and possibly other mail service providers are either quite ignorant of history when it comes to email and spam, or are applying unsavoury tactics to capture market dominance. The first inklings that Google had reservations about delivering mail coming from my bsdly.net domain came earlier this year, when I was contacted by friends who have left their email service in the hands of Google, and it turned out that my replies to their messages did not reach their recipients, even when my logs showed that the Google mail servers had accepted the messages for delivery. Contacting Google about matters like these means you first need to navigate some web forums. In this particular case (I won't give a direct reference, but a search on the likely keywords will likely turn up the relevant exchange), the denizens of that web forum appeared to be more interested in demonstrating their BOFHishness than actually providing input on debugging and resolving an apparent misconfiguration that was making valid mail disappear without a trace after it had entered Google's systems. The forum is primarily intended as a support channel for people who host their mail at Google (this becomes very clear when you try out some of the web accessible tools to check domains not hosted by Google), so the only practical result was that I finally set up DKIM signing for outgoing mail from the domain, in addition to the SPF records that were already in place. I'm in fact less than fond of either of these SMTP addons, but there were anyway other channels for contact with my friends, and I let the matter rest there for a while. If you've read earlier instalments in this column, you will know that I've operated bsdly.net with an email service since 2004 and a handful of other domains from some years before the bsdly.net was set
up, sharing to varying extents the same infrastructure. One feature of the bsdly.net and associated domains setup is that in 2006, we started publishing a list of known bad addresses in our domains, that we used as spamtrap addresses as well as publishing the blacklist that the greytrapping generates. Over the years the list of spamtrap addresses -- harvested almost exclusively from records in our logs and greylists of apparent bounces of messages sent with forged From: addresses in our domains -- has grown to a total of 29757 spamtraps, a full 7387 in the bsdly.net domain alone. At the time I'm writing this 31162 hosts have attempted to deliver mail to one of those spamtrap addresses. The exact numbers will likely change by the time you read this -- blacklisted addresses expire 24 hours after last contact, and new spamtrap addresses generally turn up a few more each week. With some simple scriptery, we pick them out of logs and greylists as they appear, and sometimes entire days pass without new candidates appearing. For a more general overview of how I run the blacklist, see this post from 2013. In addition to the spamtrap addresses, the bsdly.net domain has some valid addresses including my own, and I've set up a few addresses for specific purposes (actually aliases), mainly set up so I can filter them into relevant mailboxes at the receiving end. Despite all our efforts to stop spam, occasionally spam is delivered to those aliases too (see e.g. the ethics of running the traplist page for some amusing examples). Then this morning a piece of possibly well intended but actually quite clearly unwanted commercial email turned up, addressed to one of those aliases. For no actually good reason, I decided to send an answer to the message, telling them that whoever sold them the address list they were using were ripping them off. That message bounced, and it turns out that the domain was hosted at Google. Reading that bounce message is quite interesting, because if you read the page they
link to, it looks very much like whoever runs Google Mail doesn't know what a joejob is. The page, which again is intended mainly for Google's own customers, specifies that you should set up SPF and DKIM for domains. But looking at the headers, the message they reject passes both those criteria: Received-SPF  pass  googlecom  domain of    peter bsdlynet    designates 2001 16d8 ff00 1a9 2 as permitted sender  client-ip 2001 16d8 ff00 1a9 2  Authentication-Results  mxgooglecom  dkim pass  test mode     headeri bsdlynet     spf pass  googlecom  domain of    peter bsdlynet    designates 2001 16d8 ff00 1a9 2 as permitted sender     smtpmailfrom peter bsdlynet DKIM-Signature  v 1  a rsa-sha256  q dns txt  c relaxed relaxed  d bsdlynet  s x  h Content-Transfer-Encoding Content-Type In-Reply-To MIME-Version Date Message-ID From References To Subject  bh OonsF8beQz17wcKmu EJl34N5bW6uUouWw4JVE5FJV8  b hGgolFeqxOOD UdGXbsrbwf8WuMoe1vCnYJSTo5M9W2k2yy7wtpkMZOmwkEqZR0XQyj6qoCSriC6Hjh0WxWuMWv5BDZPkOEE3Wuag9 KuNGd7RL51BFcltcfyepBVLxY8aeJrjRXLjXS11TIyWenpMbtAf1yiNPKT1weIX3IYSw  Then for reasons known only to themselves, or most likely due to the weight they assign to some unknown data source, they reject the message anyway. We do not know what that data source is. But with more than seven thousand bogus addresses that have generated bounces we've registered it's likely that the number of invalid bsdly.net From: addresses Google's systems has seen is far larger than the number of valid ones. The actual number of bogus addresses is likely higher, though: in the early days the collection process had enough manual steps that we're bound to have missed some. Valid bsdly.net addresses that do not eventually resolve to a mailbox I read are rare if not entirely non-existent. But the 'bulk mail' classification is bizarre if you even consider checking Received: headers. The reason Google's systems most likely has seen more bogus bsdly.net From: addresses than valid ones is that by historical accident
faking sender email addresses in SMTP dialogues is trivial. Anecdotal evidence indicates that if a domain exists it will sooner or later be used in the from: field of some spam campaign where the messages originate somewhere else completely, and for that very reason the SPF and DKIM mechanisms were specified. I find both mechanisms slightly painful and inelegant, but used in their proper context, they do have their uses. For the domains I've administered, we started seeing log entries, and in the cases where the addresses were actually deliverable, actual bounce messages for messages that definitely did not originate at our site and never went through our infrastructure a long time before bsdly.net was created. We didn't even think about recording those addresses until a practical use for them suddenly appeared with the greytrapping feature in OpenBSD 3.3 in 2003. A little while after upgrading the relevant systems to OpenBSD 3.3, we had a functional greytrapping system going, at some point before the 2007 blog post I started publishing the generated blacklist. The rest is, well, what got us to where we are today. From the data we see here, mail sent with faked sender addresses happens continuously and most likely to all domains, sooner or later. Joejobs that actually hit deliverable addresses happen too. Raw data from a campaign in late 2014 that used my main address as the purported sender is preserved here, collected with a mind to writing an article about the incident and comparing to a similar batch from 2008. That article could still be written at some point, and in the meantime the messages and specifically their headers are worth looking into if you're a bit like me. That is, if you get some enjoyment out of such things as discovering the mindbogglingly bizarre and plain wrong mail configurations some people have apparently chosen to live with. Anyone who runs a mail service and bothers even occasionally to read mail server logs will know that joejobs and spam 
campaigns with fake and undeliverable return addresses happen all the time. If Google's mail admins are not aware of that fact, well, I'll stop right there and refuse to believe that they can be that incompetent. The question then becomes, why are they doing this? Are they giving other independent operators the same treatment? If this is part of some kind of intimidation campaign (think "sign up for our service and we'll get your mail delivered, but if you don't, delivering to domains that we host becomes your problem") I would think a campaign of intimidation would be a less than useful strategy when there are already antitrust probes underway, these things can change direction as discoveries dictate. Normally I would put oddities like the ones I saw in this case down to a silly misconfiguration, some combination of incompetence and arrogance and, quite possibly, some out of control automation thrown in. But here we are seeing clearly wrong behavior from a company that prides itself in hiring only the smartest people they can find. That doesn't totally rule out incompetence or plain bad luck, but it makes for a very strange episode. And lest we forget, here is some data on a previous episode involving a large US corporation, spam and general silliness. One other interesting question is whether other operators, big and small behave in any similar ways. If you have seen phenomena like this involving Google or other operators, I would like to hear from you by email (easily found in this article) or in comments. Opinions offered here are my own and may or may not reflect the views of my employer. --------------------------------------------------------------------- I will be giving a PF tutorial at BSDCan 2016, and I welcome your questions now that I'm revising the material for that session. See this blog post for some ideas (note that I'm only giving the PF tutorial this time around). </description><link>http://www.secuobs.com/revue/news/604490.shtml</link><guid 
isPermaLink="false">http://www.secuobs.com/revue/news/604490.shtml</guid></item>
<item><title>COMELEC hacking should be treated as a serious national security problem</title><description>Secuobs.com : 2016-04-23 19:49:37 - Office of Inadequate Security - This column by Cecilio Arillo has some interesting figures  and concerns IF no security contingency plan is yet in </description><link>http://www.secuobs.com/revue/news/604489.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604489.shtml</guid></item>
<item><title>Atomic Arduino (and Other) Development</title><description>Secuobs.com : 2016-04-23 19:17:21 - Hackaday -    Even the most die-hard Arduino fan boys have to admit that the Arduino development environment isn't the world's greatest text editor (they'd probably argue that its simplicity is its strength, but let's ignore that for now). If you are used to using a real code editor, you'll probably switch to doing your Arduino coding in that and then use the external editor integration in the IDE. That works pretty well, but there are other options. One we noticed, PlatformIO, extends GitHub's Atom editor. That makes it cross-platform, powerful, and with plenty of custom plug ins. It also supports a range  read more </description><link>http://www.secuobs.com/revue/news/604488.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604488.shtml</guid></item>
<item><title>Free Textra SMS App Threatens To Report Android Pirates</title><description>Secuobs.com : 2016-04-23 18:42:19 - TorrentFreak -    A free Android SMS app that has been downloaded millions of times is spooking people using cracked versions. In a threatening message Textra SMS tells pirate users it has a policy of reporting repeat violators unless they install a legitimate copy in three days. Needless to say, some users are running scared. Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services </description><link>http://www.secuobs.com/revue/news/604487.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604487.shtml</guid></item>
<item><title>A Simple And Educational Brushless Motor</title><description>Secuobs.com : 2016-04-23 17:42:45 - Hackaday -    Sometimes there is no substitute for a real working model to tinker with when it comes to understanding how something works. Take a brushless motor for example. You may know how they work in principle, but what factors affect their operation and how do those factors interact? Inspired by some recent Hackaday posts on brushless motors, [Matt Venn] has built a simple breadboard motor designed for the curious to investigate these devices. The rotor and motor bodies are laser-cut ply, and the rotor is designed to support multiple magnet configurations. There is only one solenoid, the position of which relative  read more </description><link>http://www.secuobs.com/revue/news/604486.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604486.shtml</guid></item>
<item><title>Stolen flash drive compromises 2,374 Oneida Tribe of Indians of Wisconsin dental patients' information</title><description>Secuobs.com : 2016-04-23 16:38:35 - Office of Inadequate Security - Akanksha Jayanthi reports that Oneida Health Center in Wisconsin has reported a data breach after a flash drive containing </description><link>http://www.secuobs.com/revue/news/604485.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604485.shtml</guid></item>
<item><title>Today Is World Create Day</title><description>Secuobs.com : 2016-04-23 16:06:25 - Hackaday -    It has finally arrived, today is World Create Day which is being celebrated with Hackaday Meetups in 64 cities throughout the world. If you are at one of these meetups, share the fun and excitement of your event today using the hashtag #WorldCreateDay. We want a taste of what is going on in your town so Tweet early and Tweet often. If you can't be there, join in on Hack Chat and watch the projects as they come in throughout the day. If you see one you love you can even request to join the team. We want to feature  read more </description><link>http://www.secuobs.com/revue/news/604484.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604484.shtml</guid></item>
<item><title>Tampa International Airport infosecurity breach spurred probe</title><description>Secuobs.com : 2016-04-23 16:03:23 - Office of Inadequate Security - Yvette C Hammett reports: A consultant working to upgrade Tampa International Airport's computer system last year caused </description><link>http://www.secuobs.com/revue/news/604483.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604483.shtml</guid></item>
<item><title>Data leak enough to impeach Comelec execs - lawyers</title><description>Secuobs.com : 2016-04-23 15:29:05 - Office of Inadequate Security - As bad as the Mexican voter database leak may seem, the hack and data dump affecting over 55 million Filipino voters is much </description><link>http://www.secuobs.com/revue/news/604482.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604482.shtml</guid></item>
<item><title>Meanwhile, back at the phishing for W-2 department </title><description>Secuobs.com : 2016-04-23 14:55:06 - Office of Inadequate Security - After 24 days of updating my scratch list of incidents involving phishing for W-2 information (business email compromise), I </description><link>http://www.secuobs.com/revue/news/604481.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604481.shtml</guid></item>
<item><title>Mexican government responds to data leak of voter information</title><description>Secuobs.com : 2016-04-23 14:55:06 - Office of Inadequate Security - Overnight, I received a response from the INE with answers to some questions I had posed to them about a massive database </description><link>http://www.secuobs.com/revue/news/604480.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604480.shtml</guid></item>
<item><title>Color-Changing LED Makes Techno Music</title><description>Secuobs.com : 2016-04-23 13:06:12 - Hackaday -    As much as we like addressable LEDs for their obedience, why do we always have to control everything? At least participants of the MusicMaker Hacklab, which was part of the Artefact Festival in February this year, have learned, that sometimes we should just sit down with our electronics and listen. With the end of the Artefact Festival approaching, they still had this leftover color-changing LED from an otherwise scavenged toy reverb microphone. When powered by a 9 V battery, the LED would start a tiny light show, flashing, fading and mixing the very best out of its three primary colors  read more </description><link>http://www.secuobs.com/revue/news/604479.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604479.shtml</guid></item>
<item><title>RuTracker and Sci-Hub Nominated for Free Knowledge Award</title><description>Secuobs.com : 2016-04-23 10:52:52 - TorrentFreak -    The Russian Wikimedia chapter has nominated the popular torrent tracker RuTracker and Sci-Hub founder Alexandra Elbakyan for their annual "Free Knowledge" award. Both sites are praised for their efforts to freely distribute media and scientific publications, although opponents call them out as piracy havens. Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services </description><link>http://www.secuobs.com/revue/news/604478.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604478.shtml</guid></item>
<item><title>Retro Rotary Raspi Phone Rings Alexa</title><description>Secuobs.com : 2016-04-23 10:22:00 - Hackaday -    [MisterM] is a man after our own heart. He loves to combine the aesthetic of vintage equipment with the utility of new technologies. His latest venture is AlexaPhone, which marries the nearly instantaneous retrieval and computation power of Amazon's Alexa voice service with the look and feel of a 1970s rotary phone. Best of all, there's no need to spin the dial and wait for it to go whirring back around. AlexaPhone is ready to take questions as soon as the handset is lifted. Questions are transmitted through a salvaged USB VOIP phone plugged into the Pi. The user must hang up the receiver in  read more </description><link>http://www.secuobs.com/revue/news/604477.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604477.shtml</guid></item>
<item><title>How To Watch American Netflix</title><description>Secuobs.com : 2016-04-23 10:19:45 - Secure Thoughts -    Summary: Netflix is an awesome way to watch all of your favourite shows, but it's not always available outside the US. In many countries the content either varies, or it's blocked completely. With a VPN, you can unblock your access to your Netflix account and stream anywhere. The best VPN The post How To Watch American Netflix appeared first on Secure Thoughts </description><link>http://www.secuobs.com/revue/news/604476.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604476.shtml</guid></item>
<item><title>tinyDriver - ATtiny84 platform without Arduino</title><description>Secuobs.com : 2016-04-23 07:20:50 - Hackaday -    You don't need an Arduino for everything. Or do you? This is an argument that plays out here quite often. Whatever the outcome, most folks agree that once you've dipped your feet in the shallow end of the pool, the real fun is when you dive into the deep end. [Mahesh Venkitachalam] designed tinyDriver, an experimental Open Source breakout board for the Atmel ATtiny84 chip. His idea was to create a convenient platform which can be used to understand microcontrollers in-depth, by letting users dive under the hood and make use of the various features of the chip such as  read more </description><link>http://www.secuobs.com/revue/news/604475.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604475.shtml</guid></item>
<item><title>Ca: Student hacks Thames Valley District</title><description>Secuobs.com : 2016-04-23 05:34:00 - Office of Inadequate Security - Jennifer O'Brien reports: Police and school board officials are investigating after a student hacked into a file </description><link>http://www.secuobs.com/revue/news/604474.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604474.shtml</guid></item>
<item><title>A 3D-Printed Engagement Ring</title><description>Secuobs.com : 2016-04-23 04:11:36 - Hackaday -    [Hans Peter] had reached the moment of popping the question. Going down on one knee and proposing to his girlfriend, the full romantic works. He's a brave man, [Hans]. For instead of heading for the jeweller's and laying down his savings on something with a diamond the size of a quail's egg he decided that his ring should contain something very much of him. So he decided to 3D print a ring and embed a slowly pulsing LED in it. He does mention that this ring is a temporary solution, so perhaps his soon-to-be-Mrs will receive something sparkly and expensive  read more </description><link>http://www.secuobs.com/revue/news/604473.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604473.shtml</guid></item>
<item><title>This Teddy Bear Steals Your Ubuntu Secrets</title><description>Secuobs.com : 2016-04-23 01:11:18 - Hackaday -    Ubuntu just came out with the new long-term support version of their desktop Linux operating system. It's got a few newish features, including incorporating the "snap" package management format. One of the claims about "snaps" is that they're more secure -- being installed read-only and essentially self-contained makes them harder to hack across applications. In principle. [mjg59] took issue with their claims of increased cross-application security. And rather than just moan, he patched together an exploit that's disguised as a lovable teddy bear. The central flaw is something like twenty years old now: X11 has no sense of permissions and  read more </description><link>http://www.secuobs.com/revue/news/604472.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604472.shtml</guid></item>
<item><title>Apple Should Pay More Tax, Says Co-Founder Wozniak</title><description>Secuobs.com : 2016-04-23 00:11:25 - Slashdot  Your Rights Online - mrspoonsi quotes a report from BBC: All companies, including Apple, should pay a 50% tax rate, Apple co-founder Steve Wozniak has told the BBC. He said he doesn't like the idea that Apple does not pay tax at the same rate he does personally. "I don't like the idea that Apple might be unfair -- not paying taxes the way I do as a person. I do a lot of work, I do a lot of travel and I pay over 50% of anything I make in taxes and I believe that's part of life and you should do it." When asked if Apple should pay that amount, he replied: "Every company in the world should." He said he was never interested in money, unlike his former partner Steve Jobs. "Steve Jobs started Apple Computers for money, that was his big thing and that was extremely important and critical and good." Three years ago the company admitted two of its Irish subsidiaries pay a rate of 2%. It has built up offshore cash reserves of around $200 billion -- beyond the reach of US tax officials. In a CBS '60 Minutes' episode, Apple CEO Steve Cook dismissed as "total political crap" the notion that the tech giant was avoiding taxes. And on a semi-related note, presidential candidate Donald Trump said in January he'd like to make Apple "start building their damn computers and things in this country instead of other countries." He said he would impose a 35% business tax on American business manufacturing outside of the US if elected president. </description><link>http://www.secuobs.com/revue/news/604471.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604471.shtml</guid></item> </channel>
</rss>

