http://seclists.org/#isn en-us Carries news items (generally from mainstream sources) that relate to security. Wed, 23 May 2012 11:45:06 GMT Wed, 23 May 2012 11:45:06 GMT http://seclists.org/isn/2012/May/69 <p>Posted by InfoSec News on May 23</p><a rel="nofollow" href="http://arstechnica.com/security/2012/05/anatomy-of-a-hack-6-separate-bugs-needed-to-bring-down-google-browser/">http://arstechnica.com/security/2012/05/anatomy-of-a-hack-6-separate-bugs-needed-to-bring-down-google-browser/</a><br> <br> By Dan Goodin<br> Ars Technica<br> May 22 2012<br> <br> An exploit that fetched a teenage hacker a $60,000 bounty targeted six <br> different security bugs to break out of the security sandbox fortifying <br> Google&apos;s Chrome browser.<br> <br> The extreme lengths taken in March by a hacker identified only as Pinkie <br> Pie underscore the difficulty of piercing this...<br> Wed, 23 May 2012 11:32:00 GMT http://seclists.org/isn/2012/May/69 http://seclists.org/isn/2012/May/68 <p>Posted by InfoSec News on May 23</p><a rel="nofollow" href="http://www.csoonline.com/article/706824/new-white-house-cybersecurity-chief-largely-an-unknown">http://www.csoonline.com/article/706824/new-white-house-cybersecurity-chief-largely-an-unknown</a><br> <br> By Taylor Armerding<br> CSO<br> May 21, 2012<br> <br> Named late last week to replace Howard Schmidt as the top White House <br> cybersecurity adviser, Michael Daniel is a 17-year veteran of the Office <br> of Management and Budget (OMB) and has been its intelligence branch <br> chief for the past 11 years. But he has stayed largely under the radar, <br> even in the cybersecurity...<br> Wed, 23 May 2012 11:30:47 GMT http://seclists.org/isn/2012/May/68 http://seclists.org/isn/2012/May/67 <p>Posted by InfoSec News on May 23</p><a rel="nofollow" href="https://www.computerworld.com/s/article/9227387/Banking_malware_spies_on_victims_by_hijacking_webcams_microphones_researchers_say">https://www.computerworld.com/s/article/9227387/Banking_malware_spies_on_victims_by_hijacking_webcams_microphones_researchers_say</a><br> <br> By Lucian Constantin<br> IDG News Service<br> May 22, 2012<br> <br> A new variant of SpyEye malware allows cybercriminals to monitor <br> potential bank fraud victims by hijacking their webcams and microphones, <br> according to security researchers from antivirus vendor Kaspersky Lab.<br> <br> SpyEye is a computer Trojan horse that specifically...<br> Wed, 23 May 2012 11:29:37 GMT http://seclists.org/isn/2012/May/67 http://seclists.org/isn/2012/May/66 <p>Posted by InfoSec News on May 23</p><a rel="nofollow" href="http://www.wired.com/threatlevel/2012/05/nsa-college-students/">http://www.wired.com/threatlevel/2012/05/nsa-college-students/</a><br> <br> By Kim Zetter<br> Threat Level<br> Wired.com<br> May 22, 2012<br> <br> The National Security Agency is partnering with select universities to <br> train students in cyber operations for intelligence, military and law <br> enforcement jobs, work that will remain secret to all but a select group <br> of students and faculty who pass clearance requirements, according to <br> Reuters.<br> <br> The cyber-operations curriculum is...<br> Wed, 23 May 2012 11:28:26 GMT http://seclists.org/isn/2012/May/66 http://seclists.org/isn/2012/May/65 <p>Posted by InfoSec News on May 23</p><a rel="nofollow" href="http://news.techworld.com/security/3359074/security-vulnerability-reporting-framework-upgraded-for-researchers/">http://news.techworld.com/security/3359074/security-vulnerability-reporting-framework-upgraded-for-researchers/</a><br> <br> By John E Dunn<br> Techworld<br> 21 May 2012<br> <br> The security industry’s Common Vulnerability Reporting Framework (CVRF) <br> framework for reporting and sharing security vulnerabilities in a <br> machine-readable format has been given a promised revamp to make it <br> easier to use for third-party researchers.<br> <br> Managed by industry body, the Industry...<br> Wed, 23 May 2012 11:27:07 GMT http://seclists.org/isn/2012/May/65 http://seclists.org/isn/2012/May/64 <p>Posted by InfoSec News on May 21</p><a rel="nofollow" href="http://www.chicagotribune.com/news/local/ct-met-nato-website-down-20120521,0,5070454.story">http://www.chicagotribune.com/news/local/ct-met-nato-website-down-20120521,0,5070454.story</a><br> <br> By Hal Dardick<br> Chicago Tribune<br> May 21, 2012<br> <br> Anti-NATO hackers brought down the city of Chicago&apos;s home page for hours <br> Sunday as leaders of the military alliance met in Chicago and thousands <br> of protesters took to the streets.<br> <br> The page, cityofchicago.org, went down from midmorning until early <br> afternoon after a shadowy group posted a YouTube video...<br> Tue, 22 May 2012 06:35:59 GMT http://seclists.org/isn/2012/May/64 http://seclists.org/isn/2012/May/63 <p>Posted by InfoSec News on May 21</p><a rel="nofollow" href="http://arstechnica.com/security/2012/05/rsa-securid-software-token-cloning-attack/">http://arstechnica.com/security/2012/05/rsa-securid-software-token-cloning-attack/</a><br> <br> by Dan Goodin<br> Ars Technica<br> May 21 2012<br> <br> A researcher has devised a method attackers with control over a victim&apos;s <br> computer can use to clone the secret software token that RSA&apos;s SecurID <br> uses to generate one-time passwords.<br> <br> The technique, described on Thursday by a senior security analyst at a <br> firm called SensePost, has important implications for the...<br> Tue, 22 May 2012 06:34:51 GMT http://seclists.org/isn/2012/May/63 http://seclists.org/isn/2012/May/62 <p>Posted by InfoSec News on May 21</p><a rel="nofollow" href="http://www.csoonline.com/article/706738/is-cloud-based-security-really-cheaper-">http://www.csoonline.com/article/706738/is-cloud-based-security-really-cheaper-</a><br> <br> By Antone Gonsalves<br> CSO<br> May 21, 2012<br> <br> Businesses in new study were five times more likely to have decreased <br> spending on managing security over three years.<br> <br> As part of its marketing strategy for selling to small- and medium-size <br> businesses (SMBs), Microsoft this week released the results of a study <br> on the use of cloud-bases security. The survey of SMBs, whether...<br> Tue, 22 May 2012 06:33:43 GMT http://seclists.org/isn/2012/May/62 http://seclists.org/isn/2012/May/61 <p>Posted by InfoSec News on May 21</p><a rel="nofollow" href="http://www.darkreading.com/security-monitoring/167901086/security/attacks-breaches/240000784/iranian-hackers-claim-they-compromised-nasa-ssl-digital-certificate.html">http://www.darkreading.com/security-monitoring/167901086/security/attacks-breaches/240000784/iranian-hackers-claim-they-compromised-nasa-ssl-digital-certificate.html</a><br> <br> By Kelly Jackson Higgins<br> Dark Reading<br> May 21, 2012<br> <br> A self-professed Iranian hacker gang announced in an online post that it <br> compromised an SSL certificate belonging to NASA and subsequently <br> accessed information on &quot;thousands&quot; of NASA researchers.<br> <br> Word of the alleged...<br> Tue, 22 May 2012 06:32:37 GMT http://seclists.org/isn/2012/May/61 http://seclists.org/isn/2012/May/60 <p>Posted by InfoSec News on May 21</p><a rel="nofollow" href="https://www.zdnet.com/blog/security/anonymous-hacks-bureau-of-justice-leaks-17gb-of-data/12260">https://www.zdnet.com/blog/security/anonymous-hacks-bureau-of-justice-leaks-17gb-of-data/12260</a><br> <br> By Emil Protalinski<br> Zero Day<br> ZDNet May 21, 2012<br> <br> The hacktivist group Anonymous claims to have leaked 1.7GB of data <br> belonging to the United States Bureau of Justice Statistics (BJS). The <br> file, which has been uploaded as a torrent and posted on The Pirate Bay, <br> reportedly contains internal e-mails as well as the website’s “entire <br> database...<br> Tue, 22 May 2012 06:31:12 GMT http://seclists.org/isn/2012/May/60 http://seclists.org/isn/2012/May/59 <p>Posted by InfoSec News on May 18</p><a rel="nofollow" href="http://www.darkreading.com/compliance/167901112/security/news/240000583/obama-cybersecurity-czar-schmidt-steps-down.html">http://www.darkreading.com/compliance/167901112/security/news/240000583/obama-cybersecurity-czar-schmidt-steps-down.html</a><br> <br> By Kelly Jackson Higgins<br> Dark Reading<br> May 17, 2012<br> <br> The nation&apos;s first cybersecurity czar, Howard A. Schmidt, has resigned <br> his historic post and will be succeeded by Michael Daniel, chief of the <br> White House budget office&apos;s intelligence branch.<br> <br> Schmidt said in a statement that he is leaving to spend more time with...<br> Fri, 18 May 2012 10:12:16 GMT http://seclists.org/isn/2012/May/59 http://seclists.org/isn/2012/May/58 <p>Posted by InfoSec News on May 18</p><a rel="nofollow" href="http://www.theatlanticwire.com/technology/2012/05/how-stuxnet-came-back-haunt-us/52466/">http://www.theatlanticwire.com/technology/2012/05/how-stuxnet-came-back-haunt-us/52466/</a><br> <br> By Megha Rajagopalan<br> ProPublica<br> May 17, 2012<br> <br> Last week, the Department of Homeland Security revealed a rash of cyber <br> attacks on natural gas pipeline companies. Just as with previous cyber <br> attacks on infrastructure, there was no known physical damage. But <br> security experts worry it may only be a matter of time.<br> <br> Efforts to protect pipelines and other...<br> Fri, 18 May 2012 10:11:11 GMT http://seclists.org/isn/2012/May/58 http://seclists.org/isn/2012/May/57 <p>Posted by InfoSec News on May 18</p><a rel="nofollow" href="http://www.arabtimesonline.com/NewsDetails/tabid/96/smid/414/ArticleID/183360/reftab/36/t/KSE-site-hacked-on-day-of-launching/Default.aspx">http://www.arabtimesonline.com/NewsDetails/tabid/96/smid/414/ArticleID/183360/reftab/36/t/KSE-site-hacked-on-day-of-launching/Default.aspx</a><br> <br> Arab Times<br> 18/05/2012<br> <br> KUWAIT CITY, May 17: The website of Kuwait Stock Exchange (KSE) was <br> hacked on the day it was launched, reports Al-Jaridah daily quoting <br> reliable sources.<br> <br> They disclosed that the hackers managed to copy all data from the <br> website before deleting them. The website administration team...<br> Fri, 18 May 2012 10:10:01 GMT http://seclists.org/isn/2012/May/57 http://seclists.org/isn/2012/May/56 <p>Posted by InfoSec News on May 18</p><a rel="nofollow" href="http://www.informationweek.com/news/security/vulnerabilities/240000575">http://www.informationweek.com/news/security/vulnerabilities/240000575</a><br> <br> By Mathew J. Schwartz<br> InformationWeek<br> May 17, 2012<br> <br> Beware fake Chrome installers for Windows.<br> <br> A file named &quot;ChromeSetup.exe&quot; is being offered for download on various <br> websites, and the link to the file appears to be legitimately hosted on <br> Facebook and Google domains. In reality, the software won&apos;t install <br> Google&apos;s Chrome browser, but an...<br> Fri, 18 May 2012 10:08:55 GMT http://seclists.org/isn/2012/May/56 http://seclists.org/isn/2012/May/55 <p>Posted by InfoSec News on May 18</p><a rel="nofollow" href="http://news.techworld.com/security/3358334/uk-now-top-ten-nation-for-hacking-traffic-logs-show/">http://news.techworld.com/security/3358334/uk-now-top-ten-nation-for-hacking-traffic-logs-show/</a><br> <br> By John E Dunn<br> Techworld<br> 17 May 2012<br> <br> A growing volume of attempted hacks and probes has propelled the UK into <br> the global top ten for this type of traffic, the NCC group has reported.<br> <br> For the first three months of 2012, the UK was at number seven on the <br> list with 2.4 percent of hacking traffic according to intrusion <br> detection log data sourced from...<br> Fri, 18 May 2012 10:07:32 GMT http://seclists.org/isn/2012/May/55