Kvinna skadad vid drunkningstillbud SvD Inrikes(cached at January 27, 2015, 11:36 pm)

En kvinna vårdas på sjukhus med allvarliga skador efter att ha gått genom isen i Stora Hässleholmssjön i Borås, skriver Borås Tidning på sin hemsida.
Lizard Squad Hits Malaysia Airlines Website Slashdotby Soulskill on security at January 1, 1970, 1:00 am (cached at January 27, 2015, 11:36 pm)

An anonymous reader writes: Lizard Squad, the hacking collaborative that went after the PlayStation Network, Xbox Live, and the North Korean internet last year, has now targeted Malaysia Airlines with an attack. Bloomberg links to images of the hacks (including the rather heartless 404 jab on its home page) and columnist Adam Minter wonders why Malaysia Airlines, which has had so much bad press in the past 12 months, was worthy of Lizard Squad's ire. In apparent answer, @LizardMafia (the org's reputed Twitter handle) messaged Mr. Minter this morning: "More to come soon. Side Note: We're still organizing the @MAS email dump, stay tuned for that."

Read more of this story at Slashdot.








Record iPhone sales drive blowout quarter for Apple (Yahoo Security) SANS ISC SecNewsFeed(cached at January 27, 2015, 11:30 pm)

Lessons from an IT transformation failure (iii) (IT Toolbox Blogs) SANS ISC SecNewsFeed(cached at January 27, 2015, 11:30 pm)

FBI Issues Wire Transfer Scam Alert (InfoRiskToday) SANS ISC SecNewsFeed(cached at January 27, 2015, 11:30 pm)

FUMBLE! NFL app drops privacy ball in time for Superbowl Sunday (The Register) SANS ISC SecNewsFeed(cached at January 27, 2015, 11:30 pm)

Half Of Enterprises Worldwide Hit By DDoS Attacks, Report Says (Dark Reading) SANS ISC SecNewsFeed(cached at January 27, 2015, 11:30 pm)

New attack uses ransomware to drop trojans and keyloggers (SC Magazine) SANS ISC SecNewsFeed(cached at January 27, 2015, 11:30 pm)

Marriott fixes Android app issue that may have exposed personal data (SC Magazine) SANS ISC SecNewsFeed(cached at January 27, 2015, 11:30 pm)

New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST), (Tue, Jan 27th) SANS Internet Storm Center, InfoCON: green(cached at January 27, 2015, 11:30 pm)

Qualys discovered a criticalbuffer overflow in the gethostbyname() and gethostbyname2() functions in glibc. According to the announcement by Qualys, they were able to create an in-house exploit that will execute arbitrary code via the Eximmail server. [1]

glibcbefore version 2.18 (released August ) is vulnerable. You can quickly check your glibc version by using ldd --version (but not all Unix systems that use glibc have ldd installed, and some software is statically compiled with glibc)

These glibcfunctions are used on most (all?) Unix systems to resolve hostnames . Any software that at some point resolved host names is potentially vulnerable, which includes pretty much all software that uses the network in some from (clients and servers). The problem has been fixed in some versions of glibc, but it was originally not recognized as a security vulnerability, and as a result not backported in older, still widely used and supported versions of glibc.

What should you do: Apply this update as soon as you see patched offered by your Linux/Unix distribution. Some Windows software (and of course OS X) uses glibcas well and may be vulnerable.

[1]http://openwall.com/lists/oss-security/2015/01/27/9

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST), (Tue, Jan 27th) SANS Internet Storm Center, InfoCON: green(cached at January 27, 2015, 11:30 pm)

Qualys discovered a criticalbuffer overflow in the gethostbyname() and gethostbyname2() functions in glibc. According to the announcement by Qualys, they were able to create an in-house exploit that will execute arbitrary code via the Eximmail server. [1]

glibcbefore version 2.18 (released August ) is vulnerable. You can quickly check your glibc version by using ldd --version (but not all Unix systems that use glibc have ldd installed, and some software is statically compiled with glibc)

These glibcfunctions are used on most (all?) Unix systems to resolve hostnames . Any software that at some point resolved host names is potentially vulnerable, which includes pretty much all software that uses the network in some from (clients and servers). The problem has been fixed in some versions of glibc, but it was originally not recognized as a security vulnerability, and as a result not backported in older, still widely used and supported versions of glibc.

What should you do: Apply this update as soon as you see patched offered by your Linux/Unix distribution. Some Windows software (and of course OS X) uses glibcas well and may be vulnerable.

[1]http://openwall.com/lists/oss-security/2015/01/27/9

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Wallström på FN-offensiv SvD Utrikes(cached at January 27, 2015, 11:06 pm)

Natten till tisdagen låg New Yorks gator nästan öde sedan guvernören i delstaten, Andrew Cuomo, utlyst bilförbud. Varken bussar, tunnelbana eller taxi var i drift. Manhattan blev en isolerad ö mellan Hudsonfloden och East River.
Misstänkt mördare marinanställd SvD Inrikes(cached at January 27, 2015, 11:06 pm)

En man i 25-30-årsåldern är anhållen misstänkt för mord sedan han skjutit ihjäl en man i samma ålder i Vaxholm. Mannen är militär, anställd vid marinen, och ringde själv polisens ledningscentral efter skotten och väntade in patrullen.
Misstänkt mördare marinanställd SvD Inrikes(cached at January 27, 2015, 11:06 pm)

En man i 25-30-årsåldern är anhållen misstänkt för mord sedan han skjutit ihjäl en man i samma ålder i Vaxholm. Mannen är militär, anställd vid marinen, och ringde själv polisens ledningscentral efter skotten och väntade in patrullen.
Kepler Discovers Solar System's Ancient 'Twin' Slashdotby Soulskill on space at January 1, 1970, 1:00 am (cached at January 27, 2015, 11:06 pm)

astroengine writes: Astronomers have found a star system that bears a striking resemblance to our inner solar system. It's a sun-like star that plays host to a system of five small exoplanets — from the size of Mercury to the size of Venus. But there's something very alien about this compact 'solar system'; it formed when the universe was only 20 percent the age it is now, making it the most ancient star system playing host to terrestrial sized worlds discovered to date.

Read more of this story at Slashdot.