Finding a CSRF vulnerability in phpBB (Reddit) SANS ISC SecNewsFeed (cached at January 26, 2016, 11:57 pm)

Malware Operator Barters With Security Researcher To Remove Open Source Ransomware C Slashdot, by Soulskill on security at January 1, 1970, 1:00 am (cached at January 26, 2016, 11:33 pm)

An anonymous reader writes: The author of the Magic ransomware strain has agreed to release all decryption keys for free if Utku Sen, a Turkish security researcher, takes down his Hidden Tear open-source ransomware project from GitHub. Sen has released multiple open source ransomware projects, which contained backdoors and encryption flaws. The flaws disrupted the plans of several ransomware operators. This particular ransomware author is Russian, while Sen is Turkish, so just like Putin and Erdogan, the two struggled to come to an agreement. Utku Sen finally agreed to take down the Hidden Tear repository in three days, while the author of the Magic ransomware will provide all the encryption keys for free for the next 15 days.


Tech is cyclic Scripting News (cached at January 26, 2016, 11:31 pm)

Note: I posted this as a comment on Medium under Matt Carroll's post that included a link to Evan Williams saying that the open platforms are over. This is my rebuttal.

Tech is cyclic. First there was an open platform, then silo-makers were able to build something higher level by foreclosing on the openness. Then they stagnate, because big companies get stuck in the Way Things Always Have Been. Meanwhile the users get skilled, a new generation comes along, they see how to make progress outside the silo, and enough people use the new open system that it gains traction. It’s always more exciting than the stale corporate silos, so for a while they blossom, until the cycle repeats.

The winners of one cycle always think they see how to get to the next level without being open and they always end up very rich but off in a cul de sac far away from where the new stuff is happening.

I saw this happen, in my career, the first time with the winners of the minicomputer era, who didn’t understand why people loved the underpowered PCs that could do a tiny fraction of what their big iron could do. (We loved the PC because it was ours to do with as we pleased.)

Then Bill Gates boasted he wouldn’t get stuck: when the next thing came along he’d embrace it. And he did, but it still rolled over him, as it had to, because he had too much invested in preserving his victory in the previous cycle. That story is fully documented in the early archive of this blog.

And so it goes. No one ever seems to escape the loop, though there is a way out of it: they are all super impressed with their success and believe it has to do with some innate superiority they have. But so were the founders of DEC and Microsoft and Google and even Facebook now. They were all super smart, and they all got stuck when they won. The only way out of it is to shed the results of victory and get back down in the trenches. That's what Steve Jobs did when Apple rebooted in 1997.

That’s why Ev is right and wrong. He was able to improve on RSS with Twitter because it controlled the subscription process. It was a much-needed improvement so Twitter caught fire. But it’s now ten years later. Enough time has passed, there’s a new generation around, and the cloud technology today is vastly better than it was ten years ago. Hold on, because the ride is about to get interesting. And Ev’s analysis just couldn’t be more wrong for today. It was right a few years ago, but we’re at a different point in the cycle now.

cPanel TSR-2016-0001 Full Disclosure (Reddit) SANS ISC SecNewsFeed (cached at January 26, 2016, 11:27 pm)

Advocacy groups call for repeal of Cybersecurity Act of 2015 (SC Magazine) SANS ISC SecNewsFeed (cached at January 26, 2016, 11:27 pm)

Windows is losing its hold (IT Toolbox Blogs) SANS ISC SecNewsFeed (cached at January 26, 2016, 11:27 pm)

Industry pros concerned with AWS free cert offering (SC Magazine) SANS ISC SecNewsFeed (cached at January 26, 2016, 11:27 pm)

Carson proposes new agency dedicated to winning 'Cyberspace Race' (SC Magazine) SANS ISC SecNewsFeed (cached at January 26, 2016, 11:27 pm)

GOTO Jail: FBI Investigated Bizarre BASIC Program Sent To Johnny Cash Slashdot, by Soulskill on programming at January 1, 1970, 1:00 am (cached at January 26, 2016, 11:03 pm)

v3rgEz writes: Who has time to write out all the vaguely threatening conspiracies that need to be sent to celebrities these days? Turns out, that can be automated too: In 1979, the FBI investigated a bizarre, threatening Christmas message sent to Johnny Cash on the eve of his 62nd album's release. The threat included the source and output of a BASIC program, which the FBI dutifully dusted for clues. Newly released documents show what would become the FBI's CyberCrime division.


Will Syria peace talks make any difference? AL JAZEERA ENGLISH (AJE) (cached at January 26, 2016, 10:57 pm)

A date has been set for talks to start in Geneva, but serious doubts remain over what can be achieved.

FIC 2016: Bernard Cazeneuve says 'do away with internal partitions' (SC Magazine) SANS ISC SecNewsFeed (cached at January 26, 2016, 10:57 pm)

Calais refugee children wait to be allowed into UK AL JAZEERA ENGLISH (AJE) (cached at January 26, 2016, 10:27 pm)

Hundreds living alone in a camp in northern France are waiting to find out if they can be reunited with their families.

Aboriginal Canadians take matters into their own hands AL JAZEERA ENGLISH (AJE) (cached at January 26, 2016, 10:27 pm)

Government negligence is not stopping indigenous Canadians from pushing for their own economic and social change.

Hard Drives Lost, Affecting Nearly 1 Million (InfoRiskToday) SANS ISC SecNewsFeed (cached at January 26, 2016, 10:27 pm)

Colleges Shouldn't Become Training Facilities, Warns Dr. Jane LeClair (Reddit) SANS ISC SecNewsFeed (cached at January 26, 2016, 10:27 pm)