Tag: brides-cond

A world of hurt after McAfee mistakenly revokes key for signing Mac apps

Travis Nep Smith A McAfee administrator accidentally revoked the digital key used to certify desktop applications that run on Apple’s OS X platform, creating headaches for customers who want to install or upgrade Mac antivirus products. A certificate revocation list  [CRL] hosted by Apple Worldwide developer servers lists the reason for the cancellation as a “key compromise,” but McAfee officials said they never lost control of the sensitive certificate which is used to prove applications are legitimate releases. The revocation date shows as February 6, meaning that for seven days now, customers have had no means to validate McAfee applications they want to install on Macs. “We were told that as a workaround, we should just allow untrusted certificates until they figure it out,” an IT administrator at a large organization, who asked that he not be identified, told Ars. “They’re telling us to trust untrusted certs, and that definitely puts us at risk.” Read 6 remaining paragraphs | Comments

View the original here:
A world of hurt after McAfee mistakenly revokes key for signing Mac apps

Spanish police bust alleged “ransomware” ring that took in $1.34M annually

Spanish authorities announced Wednesday that they had arrested 10 people who were allegedly involved in a massive “ransomware” ring. The European Cybercrime Centre estimated that the criminal operation “affected tens of thousands of computers worldwide, bringing in profits in excess of €1 million euros ($1.34 million) per year.” The Spanish Ministry of the Interior described (Google Translate) the lead suspect as a “a 27-year-old citizen of Russian origin who was arrested in December in the United Arab Emirates,” and now awaits extradition to Spain. The newly arrested 10 were  linked to the financial cell of the ransomware operation, and include six Russians, two Ukrainians, and two Georgians. The Ministry added that the operation remains “open,” suggesting that more arrests could be forthcoming. (Spanish authorities posted a video (RAR) of the new arrests and raid.) Madrid dubbed  the ransomware used by the ring a “police virus” because it throws up a notice that appears to come from law enforcement. The malware requires the user to pay €100 ($134) as a “fine” from a false accusation of accessing child pornography or file-sharing websites. When the victims submit their payment details, European authorities added , the “criminals then go on to steal data and information from the victim’s computer.” Read 7 remaining paragraphs | Comments

Read the original:
Spanish police bust alleged “ransomware” ring that took in $1.34M annually

Comcast acquires full ownership of NBCUniversal ahead of schedule

Comcast, the nation’s largest cable provider, will consolidate its control over NBCUniversal by buying out the 49 percent of the media company that it doesn’t already own. Comcast will pay General Electric $16.7 billion for the shares and shell out $1.4 billion for related real estate, including the iconic 30 Rockefeller Plaza. Under a deal announced in 2009, General Electric spun NBC, Universal Studios, and various other media properties off into a new joint venture and sold 51 percent of the shares, and effective control, to Comcast. The merger was intensely controversial. Critics charged that the acquisition would further cement Comcast’s already dominant position in the cable market, making it impossible for competitors such as Netflix to compete on a level playing field. But regulators decided not to challenge the merger, settling for a long list of regulatory concessions. Read 4 remaining paragraphs | Comments

View original post here:
Comcast acquires full ownership of NBCUniversal ahead of schedule

Obama administration defends $222,000 file-sharing verdict

Credit: U.S. Embassy, Jakarta The Obama Administration has stepped into a long-running file-sharing lawsuit in Minnesota, urging the United States Supreme Court not to get involved in a six-figure verdict against a young mother from Northern Minnesota. The feds don’t buy the woman’s argument that the massive size of the award makes it unconstitutional. Jammie Thomas-Rasset has been fighting a recording industry lawsuit accusing her of sharing music using the now-defunct peer-to-peer network Kazaa for the better part of a decade. In 2007, a jury found Thomas-Rasset liable to the tune of $222,000 for sharing 24 songs. She appealed the verdict, resulting in two more trials that each produced even larger jury awards. These higher figures were thrown out by the courts, but last year, the Eighth Circuit Court of Appeals upheld the $222,000 award. Thomas-Rasset is now seeking review by the Supreme Court. In a December brief , her lawyer drew an analogy to a line of Supreme Court decisions regarding excessive punitive damages. In those cases, juries had awarded punitive damages that were more than 100 times larger than the actual damages suffered by the plaintiffs. The Supreme Court held that such disproportionate punitive damages violate the due process clause of the Constitution. Read 6 remaining paragraphs | Comments

More:
Obama administration defends $222,000 file-sharing verdict

Apple releases iOS 6.1.1 for iPhone 4S users with 3G issues (Updated)

Update : Apple has now released the iOS 6.1.1 update mentioned in our original writeup. The update is specifically for the iPhone 4S and “fixes an issue that could impact cellular performance and reliability for iPhone 4S.” This is most likely to address the 3G issues experienced by some users, though it doesn’t sound like iOS 6.1.1 does anything to improve battery life as of yet. Original story : iOS 6.1.1 may be making its way into consumers’ hands sooner than we expected. The first beta of iOS 6.1.1 was only released to Apple’s developer network last week, but the update is reportedly being “rushed” out to customers in order to address 3G performance bugs, according to German iPhone site iFun . It is also said to address other problems like reduced battery life. The software is said to have undergone some carrier testing, though it’s still unclear exactly when Apple plans to publish the update. Read 4 remaining paragraphs | Comments

Original post:
Apple releases iOS 6.1.1 for iPhone 4S users with 3G issues (Updated)

At Facebook, zero-day exploits, backdoor code bring war games drill to life

Aurich Lawson Early on Halloween morning, members of Facebook’s Computer Emergency Response Team received an urgent e-mail from an FBI special agent who regularly briefs them on security matters. The e-mail contained a Facebook link to a PHP script that appeared to give anyone who knew its location unfettered access to the site’s front-end system. It also referenced a suspicious IP address that suggested criminal hackers in Beijing were involved. “Sorry for the early e-mail but I am at the airport about to fly home,” the e-mail started. It was 7:01am. “Based on what I know of the group it could be ugly. Not sure if you can see it anywhere or if it’s even yours.” The e-mail reporting a simulated hack into Facebook’s network. It touched off a major drill designed to test the company’s ability to respond to security crises. Facebook Facebook employees immediately dug into the mysterious code. What they found only heightened suspicions that something was terribly wrong. Facebook procedures require all code posted to the site to be handled by two members of its development team, and yet this script somehow evaded those measures. At 10:45am, the incident received a classification known as “unbreak now,” the Facebook equivalent of the US military’s emergency DEFCON 1 rating. At 11:04am, after identifying the account used to publish the code, the team learned the engineer the account belonged to knew nothing about the script. One minute later, they issued a takedown to remove the code from their servers. Read 31 remaining paragraphs | Comments

Link:
At Facebook, zero-day exploits, backdoor code bring war games drill to life

At long last, TI releases graphing calculator for the iPad

A TI-Nspire’s functionality, replicated on an iPad. TI/TechPoweredMath Texas Instruments has brought its graphing calculator functionality to a more modern platform, according to TechPoweredMath . TI-Nspire for iPad mimics the functionality of the color TI-Nspire calculator and has cloud integration for teachers to share files with students. TI’s graphing calculators have been stuck staunchly in the past as much as possible.  Color screens were  a recent development for its most popular line of devices, and developers have had to build games with only a handful of kilobytes of code . As smartphones and tablets rise in popularity, it makes increasing sense to fold the graphing calculator functionality into devices that students are likely carrying around with them anyway. This is not to say graphing calculator apps haven’t existed for some time—they have, for both smartphones and tablets, and many are free. But until now, TI has refused to cross over. Read 3 remaining paragraphs | Comments

Read this article:
At long last, TI releases graphing calculator for the iPad

Adobe issues emergency Flash update for attacks on Windows, Mac users

Adobe Systems has released a patch for two Flash player vulnerabilities that are being actively exploited online to surreptitiously install malware, one in attacks that target users of Apple’s Macintosh platform. While Flash versions for OS X and Windows are the only ones reported to be under attack, Thursday’s unscheduled release is available for Linux and Android devices as well. Users of all affected operating systems should install the update as soon as possible. The Mac exploits target users of the Safari browser included in Apple’s OS X, as well as those using Mozilla’s Firefox. That vulnerability, cataloged as CVE-2013-0634, is also being used in exploits that trick Windows users into opening booby-trapped Microsoft Word documents that contain malicious Flash content, Adobe said in an advisory . Adobe credited members of the Shadowserver Foundation , Lockheed Martin’s Computer Incident Response Team, and MITRE with discovery of the critical bug. Read 4 remaining paragraphs | Comments

Continue Reading:
Adobe issues emergency Flash update for attacks on Windows, Mac users

We’re going to blow up your boiler: Critical bug threatens hospital systems

A picture of a Tridium device running the Niagara AX framework. Tridium More than 21,000 Internet-connected devices sold by Honeywell are vulnerable to a hack that allows attackers to remotely seize control of building heating systems, elevators, and other industrial equipment and in some cases, causes them to malfunction. The hijacking vulnerability in Niagara AX-branded hardware and software sold by Honeywell’s Tridium division was demonstrated at this week’s Kaspersky Security Analyst Summit in San Juan, Puerto Rico. Billy Rios and Terry McCorkle, two security experts with a firm called Cylance , allowed an audience to watch as they executed a custom script that took about 25 seconds to take control of a default configuration of the industrial control software. When they were done they had unfettered control over the device, which is used to centralize control over alarm systems, garage doors, heating ventilation and cooling systems, and other equipment in large buildings. Taking advantage of the flaw would give attackers half a world away the same control on-site engineers have over connected systems. Extortionists, disgruntled or unstable employees, or even terrorists could potentially exploit vulnerabilities that allow them to bring about catastrophic effects, such as causing a large heating system to explode or catch fire or sabotaging large chillers used by hospitals and other facilities. Attackers could also exploit the bug to gain a toehold into networks, which could then be further penetrated using additional vulnerabilities that may be present. Read 12 remaining paragraphs | Comments

View the original here:
We’re going to blow up your boiler: Critical bug threatens hospital systems

Securing your website: A tough job, but someone’s got to do it

In 2006, members of a notorious crime gang cased the online storefronts belonging to 7-Eleven, Hannaford Brothers, and other retailers. Their objective: to find an opening that would allow their payment card fraud ring to gather enough data to pull off a major haul. In the waning days of that year they hit the mother lode, thanks to Russian hackers identified by federal investigators as Hacker 1 and Hacker 2. Located in the Netherlands and California, the hackers identified a garden-variety flaw on the website of Heartland Payment Systems, a payment card processor that handled some 100 million transactions per month for about 250,000 merchants. By exploiting the so-called SQL injection vulnerability, they were able to gain a toe-hold in the processor’s network , paving the way for a breach that cost Heartland more than $12.6 million. The hack was masterminded by the now-convicted Albert Gonzalez and it’s among the most graphic examples of the damage that can result from vulnerabilities that riddle just about any computer that serves up a webpage . Web application security experts have long cautioned such bugs can cost businesses dearly, yet those warnings largely fall on deaf ears. But in the wake of the Heartland breach there was no denying the damage they can cause. In addition to the millions of dollars the SQL injection flaw cost Heartland, the company also paid with its loss of reputation among customers and investors. Read 23 remaining paragraphs | Comments

See the original article here:
Securing your website: A tough job, but someone’s got to do it