Last updated:
Wed Jan 28 17:24:14 2015 GMT


Blogroll
InfoWorld Gripe Line | Ed Foster
Caffeinated Security
nzight
Mark's Blog
Latest Blog Entires From WebSense Security Labs
Liudvikas Bukys
MVP Jubo Security Blog
Carnal0wnage Blog
antlab
Ivan
The Microsoft Security Response Center Blog
In-Security : Exploring Internet, Information and Infrastructure Security
Windows Incident Response
Fred Avolio's Musings
The Security Mentor
Krebs on Security
Steve Lamb's Blog : How to Articles
Deb Shinder's MVP Blog
Open-Node.net Security Weblog
ThreatFire Research Blog
Andrew Carpenter
blackhat for life
Service Provider Journal
MZL & Novatech Traffic & Bandwidth Statistics News
George Ou
e-Government@large
A Bro Blog
CERIAS Weblogs
LuFG Summerschool Applied IT Security
Vastly Important Notes
Bowulf Infosec & Network Admin Blog
Norwegian Honeynet Project
IBM Internet Security Systems Frequency X Blog
SecuriTeam Blogs
Infosec Events
Anton Chuvakin, O'Reilly Network
C.I.S.R.T.
BlogInfoSec.com
Anti Rootkit Blog
Network Security Blog
The Day Before Zero
-- Sleeve notes of a sysadmin --
websecurityblog
Internet Security with Kirk
Internet Insecurity
REblog
Pinpoint Labs Blog
The Dark Visitor
Kasun's Weblog
Anti-Malware Engineering Team
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
BufferOverrun : Security
fes' WebLog
McAfee Avert Labs
1 Raindrop
Xavier's Security Post
An Information Security Place
Speaking of Security, the RSA Blog and Podcast
Alert Logic
Sunbelt Blog
Casper Dik's Weblog
New Directions in Security (Comments)
Internet Security News and Analysis
Windows Security Logging and Other Esoterica
Lasipalatsi
SYN|ACK
Roger's Information Security Blog
Fixing Email Weblog
Kaspersky Lab Weblog
Fabulous Adventures In Coding : Security
Technology Review Feed - TR Editors' Blog
Security Sauce
Computing Research Policy Blog
DoxPara Research
MSDN: Security
CGISecurity.com: Your Web Site and Application Security Resource
turnipsecurity
PandaLabs
ModSecurity Blog
Spire Security Viewpoint
Security Curve Weblog
Security and Technology for SMB's and SOHO's
Dana Epp's ramblings at the Sanctuary
You Know What's Stupid? Everything I Don't Understand
Sergey Simakov blog
Attack Research
HD DVD / Randomness... : Security
Solution Accelerators - Security & Compliance
Tim Rains' WebLog
OSVDB Blog
Verizonbusiness.com
chandanlog(3C)
Security Manifest
Greyhat of the World Unite...
Information Research
Esphion
OSSEC Blog
The Security Skeptic
RedTeam
Emergent Chaos
The Evil Empire
Digital ID World Editors Corner
Hex blog
Will Cox: Security
Crypto-World - news
Infosec Writers Latest Security Papers
KyleM.xwell
disLEXia 3000 blog
Kimberly L. Tripp: Improving *my* SQL skills through your questions! - Security
Information Security News Desk
Glenn Brunette's Security Weblog
Anil John - Security
Vulnerability Analysis Blog
malwarecrawler.com
The Importance of...
Mal-Aware.org
Network Security
darren_moffat@blog$ cat /dev/mem | grep /dev/urandom
honeyblog
Rick Kingslan - Will Hack 4 Food
securosis.com
Wifi Security Project
Abner Stories
cybercrime/-security sightings
Security Garden
mcwresearch.com
Politically Motivated Computer Crime and Hacktivism
@CyberForge
NI3
Compendium
Infosec Potpourri
Latests Alerts From Websense Security Labs
Aaron Margosis' "Non-Admin" WebLog
Federated Infrastructure : Security
Wired: Threat Level
Sam Gentile
Cynical Security
NetSec
Tenable Network Security
Security Soapbox
Mark O'Neill's Radio Weblog
Logblog
TrendLabs | Malware Blog - by Trend Micro
CyberSpeak's Podcast
When {Puffy} Meets ^RedDevil^
Financial Cryptography
Larry Osterman's WebLog : Security
taint.org: Justin Mason's Weblog
OpenPacket Blog
SophosLabs blog
Vitalsecurity.org - A Revolution is the Solution
eEye Digital Security - Research Blog
Cybercrime
Stupid Security
Infothought
Security Notes
Cheap Hack
Fermats Security Alerts
About Internet / Network Security
Michael Howard's Web Log
Panda Research Blog
Paul's Down-Home Page: Exchange, messaging, collaboration, security, and more
Spam Filtering Techniques
Small Business Server
Bkis Blog
infosec « WordPress.com Tag Feed
netstat -a
whattheflex
Windows Shell/User (MSN & OneCare Too)
CyberCrime & Doing Time
The Security Blanket
F-Secure Antivirus Research Weblog
Security Fix
BenEdelman.org
The Antivirus Guy Blog
Realtime Community | IT Compliance
Nth world commentaries
b l o g _ m a x i m u m
ADD / XOR / ROL
GPL
Bill Sommerfeld's Weblog
Inliniac
APB Infosec blog
Errata Security
Security Watch
Napsterization
Security
invulnerableit.com Blog
Security Blanket
Jim's Bloggyness
Roger Thompson
Freedom to Tinker
worm blog
torsten's .NET blog - Security
trimMail's Email Battles
Educated Guesswork
Thomas Shinder Blog
Matasano Chargen
bIPlog
Martin Englund's Weblog
The Security Development Lifecycle
Arun Perinkolam's Weblog
::PepperTech:: Security Management News Blog
Usable Security
Security Blog
Volatility
CERIAS Blog
Lauren Weinstein's Blog
weblog.cemper.com - Technology, Software Development, Project Management, Marketing News
Essential Computer Security
Schneier on Security
A Day in the Life of an Information Security Investigator
Dan Anderson's Weblog
Robert Hensing's Blog
Eugene Bobukh's WebLog
MoMusings@Arachnid.homeip.net
Volatile Systems
Vodun.org
The WiFi Zone
www.rootkit.com
The ICSI Networking Group Blog
.NET Security Blog
TheSecure.Net
Static in the Ether
Security to the Core | Arbor Networks Security Blog
Larry's Insecurity Blog
Harry Waldron - Microsoft MVP Blog
Larry Seltzer's Security Weblog
DISOG
National Cyber Security - Blogs
Adobe Product Security Incident Response Team (PSIRT)
Kim Cameron's Identity Weblog
GnuPG.org
Michael Howard's Web Log : Security
Security Response Weblog
Draft Security Blog
TaoSecurity
Information Manager Journal
Wendy's Blog: Legal Tags
Phil Windley's Technometria
Latest Analysis for All Threats
Andreas Sterbenz's Blog
Daemon on Security
John Palfrey
StillSecure, After All These Years
January 28, 2015


Adobe Begins Auto-Update Patching of Second Flash Player Zero Day
infosec « WordPress.com Tag Feed

Adobe on Saturday began patching a zero-day vulnerability in Flash Player for auto-update users, exp


Some notes on GHOST
Errata Security

I haven't seen anybody compile a list of key points about the GHOST bug, so I thought I'd write up some things. I get this from reading the code, but mostly from the advisory.


Facebook vs 25,000 users - privacy class action lawsuit has initial hearing date set
SophosLabs blog

An Austrian court has given the go ahead to a class action lawsuit brought against Facebook for alleged privacy violations across Europe.


Seven Reasons the New GOP Bill Will Not Give Us Net Neutrality
You Know What's Stupid? Everything I Don't Understand


FBI: Businesses Lost $215M to Email Scams
Krebs on Security

It's time once again to update my Value of a Hacked Email Account graphic: According to a recent alert from the FBI, cyber thieves stole nearly $215 million from businesses in the last 14 months using a scam that starts when business executives or emp


Upcoming update in sqlcutie 1.8.1
infosec « WordPress.com Tag Feed

Admittedly I haven't touched this project for a while. However there is going to be quite an u


No, Department of Justice, 80 Percent of Tor Traffic Is Not Child Porn
Wired: Threat Level

The debate over online anonymity, and all the whistleblowers


The "Dirty Dozen" SPAMPIONSHIP: Who's the biggest? Who's the worst?
SophosLabs blog

We take our quarterly dive into the SophosLabs spamtrap logs to find out who sends the most spam. Six countries made it onto our "worst per person" chart for the first time in a year...find out if you were one of them.


Ubisoft yanks keys for online games purchased via unauthorised parties
SophosLabs blog

Far Cry 4 and other games disappeared over the weekend, leaving a trail of ex-Ubisoft fans in their wake, stripped of games Ubisoft thinks were "fraudulently" bought on third-party sites.


Bughunter cracks "absolute privacy" Blackphone - by sending it a text message
SophosLabs blog

Serial bughunter Mark Dowd found a hole where it *really* wasn't wanted. In the text messaging software on the "absolute privacy" Blackphone...


Subconscious Keys
Schneier on Security


Open source software for quantum information
infosec « WordPress.com Tag Feed

NIST has partnered with the private sector to develop the next-generation open source control softwa


Not So Spooky: Linux Ghost Vulnerability
TrendLabs | Malware Blog - by Trend Micro

Researchers at Qualys have found a vulnerability in the GNU C Library (alternately known as glibc), which can be used to run arbitrary code on systems running various Linux operating systems. The vulnerability (assigned as CVE-2015-0235) has been dubbed G


ISC StormCast for Monday, January 26th 2015 http://bit.ly/1zM6eaS, (Mon, Jan 26th)
infosec « WordPress.com Tag Feed

(more) from SANS Internet Storm Center, InfoCON: yellow http://bit.ly/1JrtAUJ via IFTT


CVE-2015-0016: Escaping the Internet Explorer Sandbox
TrendLabs | Malware Blog - by Trend Micro

Part of this January's Patch Tuesday releases was MS15-004, which fixed a vulnerability that could be used in escalation of privilege attacks. I analyzed this vulnerability (designated as CVE-2015-0016) because it may be the first vulnerability in t


Adobe gets second Flash zero-day patch ready 2 days early!
infosec « WordPress.com Tag Feed

Good news from Adobe about CVE-2015-0311, the unpatched zero-day in Flash. The patch is now ready vi


Taylor Swift's Twitter and Instagram accounts hacked
SophosLabs blog

Hackers briefly got control of the Twitter and Instagram accounts of Taylor Swift, the Grammy-winning American pop-star, creating a stir on social media. Here's how to make sure your accounts are safe!


Seminar on the Law of the Newly Possible
You Know What's Stupid? Everything I Don't Understand

January 27, 2015


A note about this 'cyber' thing...
infosec « WordPress.com Tag Feed

I know quite a few people – hackers mostly – who get quite snarky and condescending over


Spanish Copyright Reform Enters into Force: Special Focus on Online Intermediaries
You Know What's Stupid? Everything I Don't Understand


You shouldn't be using gethostbyname() anyway
Errata Security

Today's GHOST vulnerability is in gethostbyname(), a Sockets API function from the early 1980s. That function has been obsolete for a decade. What you should be using is getaddrinfo() instead, a new function that can also handle IPv6.


Mouse-Box An Entire Computer inside a Mouse
infosec « WordPress.com Tag Feed

Smartphones in our pockets are exponentially smaller and more powerful that they don’t realize


Apple fixes Thunderstrike and 3 Project Zero bugs in OS X 10.10.2 Yosemite
SophosLabs blog

The latest OS X beta, version 10.10.2, is in the hands of developers and hints that users will soon be getting fixes for the devilish Thunderstrike vulnerability and 3 Project Zero bugs.


Police Using Radar that Sees Through Walls
Schneier on Security


Low Hanging Fruit: Flash Player
F-Secure Antivirus Research Weblog

Flash Player version 16.0.0.296 is now available.

Flas


Infocon change to yellow for Adobe Flash issues, (Fri, Jan 23rd)
infosec « WordPress.com Tag Feed

We have decided to change the Infocon to yellow in order to bring attention to the mu …(more)


Yet Another Emergency Flash Player Patch
Krebs on Security

For the second time in a week, Adobe has issued an emergency update to fix critical security flaws that crooks are actively exploiting in its Flash Player software. Updates are available for Flash Player on Windows and Mac OS X. Last week, Adobe released


How the Obamacare website healthcare.gov leaks private data
infosec « WordPress.com Tag Feed

HealthCare.gov, the US insurance exchange website that is a central component of Obamacare (the Affo


Pale Moon Minor Update to Version 25.2.1
Security Garden


Google asked to muzzle Waze 'police-stalking' app
SophosLabs blog

US police are typically the ones to surveil, not the other way around, as Google's crowd-sourced, police-mapping traffic app is doing. Now sheriffs are asking Google to pull the plug on it.


Lizard Squad took down Facebook and Instagram! Believe it! Or not...
SophosLabs blog

The hacking-and-cracking crew known as Lizard Squad tweeted that Facebook and Instagram were down. Before you could say, "But we don't crash EVER," that had turned into "Lizard Squad did it"...


Italian Court Decides an Important Case on Liability of Video-sharing Platforms
You Know What's Stupid? Everything I Don't Understand


The IDEA Encryption Algorithm with a 128-bit Block Length
Schneier on Security


Why Russia Hacks
infosec « WordPress.com Tag Feed

Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is th


Silicon Valley Has Lost Its Way. Can Skateboarding Legend Rodney Mullen Help It?
Wired: Threat Level

More than 30 years after he invented most o


Pinterest to sell ads based on what you're thinking of buying
SophosLabs blog

Been pinning pictures of fancy kitchens? Well, isn't that interesting, says every appliance maker on the planet.


Are Social Media Bots Good?
BlogInfoSec.com

I found it really eye-opening to read Nick Bilton's article Phony Friends, Real Profit which appeared on page E2 of The New York Times of November 20, 2014, and seems to be in favor of using bots to represent fakes. Either Bilton was writing with his tongu


DMARC: The time is right for email authentication
infosec « WordPress.com Tag Feed

It is a rare thing to be given the opportunity to right a historic wrong. The root of essentially ev


Why leaving a shared device unprotected is dangerous
infosec « WordPress.com Tag Feed

According to a survey jointly executed by B2B International and Kaspersky Lab, 32 per cent of respon


all content is copyright its respective owner or owners.

the technology behind infosec daily is partially copyright © 2003-2008 jose nazario.