More than 360,000 Apache websites imperiled by critical Plesk vulnerability

Hundreds of thousands of websites could be endangered by publicly available attack code exploiting a critical vulnerability in the Plesk control panel. This particular vulnerability gives hackers control of the server it runs on, according to security researchers. The code-execution vulnerability affects default versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 of Plesk running on the Linux and FreeBSD operating systems, a configuration used by more than 360,000 websites. Plesk running on Windows and other types of Unix hasn’t been tested to see if those configurations are vulnerable as well. The exploit code was released Wednesday on the Full-Disclosure mailing list by “kingcope,” a pseudonymous security researcher who has frequented the forum for years. He has a proven track record for developing reliable exploits. “This vulnerability has a high severity rating,” kingcope wrote in an e-mail to Ars. “An attacker can use this exploit to get a command line shell remotely with the privileges of the configured Apache user.”

Espionage malware infects raft of governments, industries around the world

Security researchers have blown the whistle on a computer-espionage campaign that over the past eight years has successfully compromised more than 350 high-profile targets in 40 countries. “NetTraveler,” named after a string included in an early version of the malware, has targeted a number of industries and organizations, according to a blog post published Tuesday by researchers from antivirus provider Kaspersky Lab. Targets include oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies, military contractors and Tibetan/Uyghur activists. Most recently, the group behind NetTraveler has focused most of its efforts on obtaining data concerning space exploration, nanotechnology, energy production, nuclear power, lasers, medicine, and communications. “Based on collected intelligence, we estimate the group size to about 50 individuals, most of which speak Chinese natively and have working knowledge of the English language,” the researchers wrote. “NetTraveler is designed to steal sensitive data as well as log keystrokes, and retrieve file system listings and various Office or PDF documents.”

Apple issues OS X 10.8.4 update, includes iMessage and FaceTime fixes

[Image: OS X 10.8.4 comes with a long list of fixes.]

After several weeks of beta testing, Apple has released OS X version 10.8.4 for all Macs running Mountain Lion. The update fixes a long list of minor issues and some security bugs as the OS nears its first birthday. Those hoping for major changes to OS X will have to wait until Apple’s Worldwide Developer Conference (WWDC) next week, at which Apple is widely expected to show off Mountain Lion’s successor. Quite a few of 10.8.4’s fixes are aimed at businesses. There are fixes that will help Calendar work better with Microsoft Exchange servers, compatibility and speed improvements to OS X’s Active Directory integration, improvements to compatibility with “certain enterprise Wi-Fi networks,” and fixes to issues with the SMB and NFS network sharing protocols. As ever, Apple is annoyingly nonspecific about the exact problems these updates solve, but network administrators with OS X clients may find something to like about the new update. Other squashed bugs will be of more interest to consumers. For example, there’s an iMessage fix that will prevent out-of-order messages, a fix for a FaceTime issue that would prevent calls to international numbers, and an update to Safari (now at version 6.0.5) that “improves stability for some websites with chat features and games.”

Sony, Lego team up to create programmable, interactive Lego bricks

A newly revealed partnership seeks to bring the interactivity of Sony’s video games to the world of Lego’s physical bricks and characters. At a 25th anniversary open house for Sony’s Computer Science Laboratories in Japan, the companies showed off Toy Alive, a prototype project that uses simple Lego bricks with embedded microchips that can be controlled with a PC or a DualShock gamepad. The Toy Alive team is currently showing off a tiny, remote-controlled platform that can be controlled with a DualShock gamepad to play a chase game monitored by a webcam and computer software. Other bricks use translucent red plastic and built-in, computer-controlled LEDs to make a Lego house look like it’s on fire or to activate an actuator that causes Lego models to explode into pieces. The team is even experimenting with tiny wireless cameras that can give a minifig-eye view of a scene for a bit of augmented reality. Lego has long supported interactivity in its toys through its Mindstorms line of robotics aimed at programmers and students. But with Toy Alive, the team is trying to “keep the pieces small and simple so that children can use them with other toys,” according to associate researcher Alexis Andre, who has been working on the project for about a year. “It’s a mixture of video games and toys, and how do you make toys more interactive? How do you provide a platform for the children to do whatever they want to do?”

iCloud users take note: Apple two-step protection won’t protect your data

[Image: A diagram showing how Apple’s two-step verification works.]

If you think your pictures, contacts, and other data are protected by the two-step verification protection Apple added to its iCloud service in March, think again. According to security researchers in Moscow, the measure helps prevent fraudulent purchases made with your Apple ID but does nothing to augment the security of files you store. To be clear, iCloud data is still secure so long as the password locking it down is strong and remains secret. But in the event that your account credentials are compromised—which is precisely the eventuality Apple’s two-factor verification is intended to protect against—there’s nothing stopping an adversary from accessing data stored in your iCloud account. Researchers at ElcomSoft—a developer of sophisticated software for cracking passwords—made this assessment in a blog post published Thursday. “In its current implementation, Apple’s two-factor authentication does not prevent anyone from restoring an iOS backup onto a new (not trusted) device,” ElcomSoft CEO Vladimir Katalov wrote. “In addition, and this is much more of an issue, Apple’s implementation does not apply to iCloud backups, allowing anyone and everyone knowing the user’s Apple ID and password to download and access information stored in the iCloud. This is easy to verify; simply log in to your iCloud account, and you’ll have full information to everything stored there without being requested any additional logon information.”

VMware’s dual-persona smartphones finally available to purchase

[Image: The first two phones to run VMware’s dual-persona software.]

At long last, VMware’s dual-persona software for smartphones is available on actual devices. Today, VMware and Verizon Wireless announced that the Android-based LG Intuition and Motorola Razr M can now be purchased with VMware’s Horizon Mobile software, which separates the device into isolated partitions that keep a user’s work applications and data separate from personal stuff. VMware began promising virtualized smartphones in 2010, claiming they would be available for sale in 2011. Samsung promised to support VMware’s virtualized phone vision in September 2011, and VMware started promising virtualization for iPhones and iPads in August 2012. We called it “vaporware.” Samsung and Apple devices still aren’t running the dual-persona software, but it’s nice to see VMware phones finally materialize. VMware and Verizon said the Intuition and Razr M are immediately available for sale with Horizon Mobile software. Perpetual licenses to Horizon Mobile start at $125 per user and “can be purchased through local resellers of VMware and Verizon Wireless,” the companies said.

How hackers allegedly stole “unlimited” amounts of cash from banks in just hours

Federal authorities have accused eight men of participating in 21st-century bank heists that netted a whopping $45 million by hacking into payment systems and eliminating withdrawal limits placed on prepaid debit cards. The eight men formed the New York-based cell of an international crime ring that organized and executed the hacks and then used fraudulent payment cards in dozens of countries to withdraw the loot from automated teller machines, federal prosecutors alleged in court papers unsealed Thursday. In a matter of hours on two separate occasions, the eight defendants and their confederates withdrew about $2.8 million from New York City ATMs alone. At the same times, “cashing crews” in cities in at least 26 countries withdrew more than $40 million in a similar fashion. Prosecutors have labeled this type of heist an “unlimited operation” because it systematically removes the withdrawal limits normally placed on debit card accounts. These restrictions work as a safety mechanism that caps the amount of loss that banks normally face when something goes wrong. The operation removed the limits by hacking into two companies that process online payments for prepaid MasterCard debit card accounts issued by two banks—the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman—according to an indictment filed in federal court in the Eastern District of New York. Prosecutors didn’t identify the payment processors except to say one was in India and the other in the United States.

Network Solutions seizes over 700 domains registered to Syrians

While Syria’s Internet connection is back up, many of the sites hosted in Damascus have lost their domain names. As Brian Krebs of Krebs on Security reports, the domain registrar Network Solutions LLC has taken control of 708 domain names in the .com, .org, and .net top-level domains registered to Syrian organizations. The organizations affected by the seizure include the state-supported hacker group Syrian Electronic Army. Usually when there’s a domain name seizure, it’s the work of government agencies like Immigration and Customs Enforcement or the FBI, or domains are shut down with the help of US Marshals as part of a court-sanctioned seizure related to malware. But in this case, Network Solutions appears to have seized the domains in question without coordinating with federal authorities, though its action was guided by federal regulations—domain name registration is one of the services explicitly banned in US trade sanctions enacted against Syria last year. Network Solutions has marked the seized domains with the notation “OFAC Holding,” indicating they were taken over in accordance with regulations promulgated by the Department of the Treasury’s Office of Foreign Assets Control, a unit of Treasury’s Office of Terrorism and Financial Intelligence. The vast majority of the seized domains were pointed at IP addresses assigned to the Syrian Computer Society. As we’ve reported previously, Syrian President Bashar al-Assad, who was an Army doctor and ophthalmologist before being groomed to take over for his father, was head of the Syrian Computer Society in the 1990s. He became president in 2000. The Syrian Computer Society acts as Syria’s domain registration authority and regulates the Internet within Syria, and is also believed to be connected to Syria’s state security apparatus. The Syrian Computer Society registered .sy domain names for the Syrian Electronic Army’s servers, giving the hacker group a national-level domain name (sea.sy) rather than a .com or other non-government address, signifying its status as at least a state-supervised operation.

German court convicts, sentences BitTorrent site operator to nearly 4 years

A German district court in the western city of Aachen has handed down one of the harshest sentences for abetting copyright infringement: three years and 10 months in prison. The 33-year-old alleged operator of the Russian-hosted torrent.to, who was named only as “Jens R.” in court documents, remains under investigation for fraudulent bankruptcy filings and embezzlement. Other than pleading not guilty, Jens R. did not offer a defense in the case and is expected to appeal. Like similar sites, such as the Pirate Bay, the defendant was accused of selling ads against links to torrent files.

Opera claims former employee gave stolen trade secrets to Mozilla

Opera has been busy repositioning itself as a middleware player for the mobile Web recently, but that isn’t stopping the company from defending its investment in browser technology. The company has filed a 20 million Kronor ($3.4 million) lawsuit against a former employee and consultant, claiming that he stole company secrets and incorporated them into a mobile browser for Mozilla. According to a report by Norwegian IT site Digi.no, Opera has filed suit against Trond Werner Hansen, a Norwegian musician and designer who worked for Opera from 1999 to 2006 as a user interface designer and developer before leaving to pursue his music career. Hansen also worked for Opera as an outside consultant from 2009 to 2010. Last year, Hansen was involved with the development of the Mozilla prototype “Junior” browser for Apple iOS. Hansen and Alex Limi—former Firefox UI head and now manager of Mozilla’s product design strategy—demonstrated the browser prototype in a video on Air Mozilla last June. Hansen said in the video, “I spent almost seven years trying to simplify Opera and didn’t really succeed. Simplification of something that already exists is really hard. That’s way beyond product design issues—it’s company issues. I feel like we failed in making something really easy.” Limi credited Hansen with the invention of a number of Mozilla UI features, including the browser search—“the source of all our revenue,” Limi said—and the “speed dial” feature that allows users to pick frequently visited pages from a new browser tab. “Pretty much everything he’s invented, they’re now in all browsers,” Limi continued.