Ars Technica - Data from hack of Ashley Madison cheater site purportedly dumped online -
Gigabytes worth of data taken during last month's hack of the Ashley Madison dating website for cheaters has purportedly been published online—an act that, if true, could prove highly embarrassing for the men and women who have used the service over the years.Apparently there are 15,000 or so .gov or .mil email addresses contained in the dump. I expecte a lot of Admiral and Generals to be doing some explaining today.
Boing Boing - M.W.A: Fozzie and Kermit do Express Yourself by N.W.A -
Wired - Busting the Biggest Myth of CISA—That the Program Is Voluntary -
Access calls upon all companies to outright oppose CISA and the other “cybersecurity” bills that have been introduced in this Congress. They all strike a deal that sacrifices people’s privacy and security at the altar of corporate liability protection. Instead, these companies should publicly pledge not to participate in any government-run information sharing program that does not provide adequate privacy protections for users, including a right to remedy and provisions for transparency and accountability. In the meantime, Congress should be focusing on passing cybersecurity legislation that would actually assist companies in enhancing their digital security efforts, not in harming users’ privacy.In my opinion any cybersecurity bill should also attach legal liability to the CEO and CIO / CISO whose company is breached, where it is found that the company was not making a good faith effort to follow best practices.
The Verge - Zorro is getting a post-apocalyptic reboot -
The masked outlaw Zorro is preparing to defend the poor from tyrants and despots in a new film set in the post-apocalyptic future, according to The Hollywood Reporter. The project, which has been in development hell for years, is titled Zorro Reborn, with shooting slated to begin in March 2016 at a Pinewood Studios facility in the Dominican Republic.This will not in any way be an embarrassing failure. I do have to admit though the last Zorro reboot is where I first became aware of Catherine Zeta Jones, who really deserves (hah!!) to be my wife.
Gizmodo - Here's The Box That Can Turn a Puny Laptop Into a Graphical Powerhouse -
What you see in these pictures is a hub that uses Intel’s Thunderbolt 3, a supercharged version of USB-C with double the bandwidth. What does that actually mean in practice? It’s fast enough that you can actually augment the power of a relatively weak laptop with an external graphics card... yes, while still charging the laptop... driving two 4K monitors... and powering your USB devices all at the same time. Here’s what that looks like:
Computer World - Oracle yanks blog post critical of security vendors, customers -
Oracle published, then quickly deleted, a blog post criticizing third-party security consultants and the enterprise customers who use them.
Authored by Oracle chief security officer Mary Ann Davidson, the post sharply admonished enterprise customers for reverse engineering, or hiring consultants to reverse engineer, the company's proprietary software, with the aim of finding as of yet unfixed security vulnerabilities.
Not surprisingly, many security firms were not happy with the blog post.Way to go Oracle. maybe for your next trick you could massively screw up a major government website launch. Oops, did that. OK, maybe you canroast and eat young orphans, or have you done that too?
"Discouraging customers from reporting vulnerabilities or telling them they are violating license agreements by reverse engineering code, is an attempt to turn back the progress made to improve software security," wrote Chris Wysopal, Veracode chief technology officer and chief information security officer, in an e-mail statement.
The Hacker News - Script Kiddies can Now Create their Own Ransomware using This Kit -
A Turkish security researcher named Utku Sen has posted a fully functional Ransomware code on open source code sharing website GitHub.
The Ransomware dubbed Hidden Tear, uses AES Encryption to lock down files before displaying a ransom message warning to get users to pay up.
The currently undetectable version of ransomware can be modified and implemented accordingly, as it contains every feature a cybercriminal can expect from modern malware.
Yay, so glad that there are responsible people out there publishing code like this.
The State of Security - IE Under Attack! Microsoft Releases Emergency Out-of-Band Patch -
If Microsoft calls a vulnerability “critical,” warns that it affects all versions of Windows, and is prepared to issue a patch outside of its normal Patch Tuesday monthly schedule, you should sit up and listen.
Today, Microsoft has issued an advisory about a zero-day vulnerability, dubbed CVE-2015-2502, that could allow an attacker to hijack control of your computer via Internet Explorer – just by you visiting a boobytrapped webpage.Just kill IE on your machine now.