
No further updates for Debian 5.0 Lenny

  • Post author: Omid Farhang
  • Post published: February 10, 2012
  • Reading Time: 1 min
  • Word Count: 128 words

The H-Online: The Debian developers have pointed out, in an announcement on the debian-announce mailing list, that – three years after it was released – Debian GNU/Linux 5.0 (Lenny) has reached its “End of Life”. Debian GNU/Linux 5.0 was originally released in February 2009 and on 6 February 2012, the developers stopped providing security updates for that version of the distribution. Users have now had a year to update their systems to Lenny’s successor, Squeeze, which was released on 6 February 2011. The Debian developers recommend that any installations that are still using Debian 5.0 should be updated to version 6 of the distribution immediately. The Debian community recently released version 6.0.4 of Debian Squeeze which includes all the updates that have been released for Squeeze since its release. ...


63 Vulnerabilities on United Nations Website Exposed Online

  • Post author: Omid Farhang
  • Post published: February 10, 2012
  • Reading Time: 2 min
  • Word Count: 233 words

The Hacker News: The latest notification in The Hacker News Vault, by a hacker named “Xenu (Casi)” from the r00tw0rm Team, is that 63 blind SQL injection vulnerabilities exist on the United Nations’ website (www.un.org). Blind SQL injection is identical to normal SQL injection except that when an attacker attempts to exploit an application, rather than getting a useful error message they get a generic page specified by the developer instead. This makes exploiting a potential SQL injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through SQL statements. ...


LinkedIn Hits 150 Million Members

  • Post author: Omid Farhang
  • Post published: February 10, 2012
  • Reading Time: 1 min
  • Word Count: 203 words

Mashable: LinkedIn on Thursday announced it has 150 million members in its network, a 20 million increase over November. The figure was disclosed in a press release the company issued Thursday announcing its fourth quarter and full-year 2011 results. The company posted revenues of $167.7 million, beating the analysts’ consensus of $160 million for Q4. Adjusted profit was $0.12 cents per share, which beat analysts’ projections of 7 cents a share. LinkedIn’s stock was up more than 5% in after-hours trading. ...


Is Digital Pearl Harbor THE most tasteless term in IT security?

  • Post author: Omid Farhang
  • Post published: February 10, 2012
  • Reading Time: 3 min
  • Word Count: 593 words

SophosLabs: Can hackers really cause as much bloodshed as 353 Imperial Japanese Navy fighters, bombers and torpedo planes launched from six aircraft carriers? Can hackers really kill 2,402 U.S. citizens, leave 1,282 wounded, lose 65 of their own attackers in the process, and plunge the United States into a World War? Heaven only knows. Maybe they can. The lack of security around Supervisory Control And Data Acquisition (SCADA) systems is scary. ...


Foxconn hacked by Swagg Security

  • Post author: Omid Farhang
  • Post published: February 9, 2012
  • Reading Time: 2 min
  • Word Count: 348 words

The H-Online: Hackers operating under the name Swagg Security have said they were responsible for breaching the security of Chinese electronics manufacturer Foxconn. In a posting on Pastebin, the group took credit for penetrating the systems, noting that “Foxconn did have an appropriate firewall, but fortunately to our intent, we were able to bypass it almost flawlessly”. The posting pointed to a 6.5 MB torrent on The Pirate Bay which contained what appears to be CSV file dumps of database tables and other text files. The files included lists of what look like customer names, accounts and plain text passwords though many of those passwords are “foxconn” or “foxconn2”. ...


Anonymous Hacks Syrian President’s Email. The Password: 12345

  • Post author: Omid Farhang
  • Post published: February 8, 2012
  • Reading Time: 3 min
  • Word Count: 448 words

Mashable: Syrian President Bashar al-Assad has been under fire from world leaders to step down this week. He’s also under fire from hacktivist group Anonymous, who leaked hundreds of his office’s emails on Monday. While Anonymous is infamous for its hacking know-how, it doesn’t take a genius computer programmer to guess one of the passwords commonly used by Assad’s office accounts: 12345. The string of consecutive numbers is the second-weakest password according to a 2011 study. ...


Satellite phone encryption cracked

  • Post author: Omid Farhang
  • Post published: February 8, 2012
  • Reading Time: 1 min
  • Word Count: 174 words

H-Online: Researchers at Ruhr-Universität Bochum in Germany have announced that they have cracked the A5-GMR-1 and A5-GMR-2 encryption algorithms used in satellite phones. Satellite phones are mainly used in areas with insufficient mobile network coverage and in the maritime sector. The researchers obtained the proprietary, and previously undocumented, algorithms by reverse engineering phone firmware updates. Ideally this, in itself, should not compromise the security of the transmitted data. Data security should not depend on the secrecy of the encryption methods; it should only depend on the non-disclosure of the secret key that is being used. ...


Malware automatically uploading stolen data to the File sharing sites

  • Post author: Omid Farhang
  • Post published: February 6, 2012
  • Reading Time: 1 min
  • Word Count: 191 words

The Hacker News: Roland Dela Paz, a threat response engineer with Trend Micro, has discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval. File-storage services offer several advantages for cybercriminals. SendSpace accepts files and then generates a link that can be shared with other people to download the content in the files. The malware has been configured to send files, copy the download link and send it to a command-and-control server along with the password needed to access the archive, Dela Paz wrote. ...


Joomla! updates close information disclosure holes

  • Post author: Omid Farhang
  • Post published: February 6, 2012
  • Reading Time: 1 min
  • Word Count: 191 words

The H-Online: Versions 1.7.5 and 2.5.1 of the open source Joomla! content management system (CMS) have been released to address two information disclosure vulnerabilities. These include one medium severity problem in Joomla! 1.7.x that could allow an unauthorized user to gain access to the error log stored on a victim’s server, and, in both versions, an inadequate validation problem that could be exploited to gain access to private data. The update to Joomla! 2.5, which arrived last month, also fixes 30 bugs, including one that caused batch processing to break. ...


Google Launches ‘Solve for X,’ Think Tank for Fixing Global Problems

  • Post author: Omid Farhang
  • Post published: February 6, 2012
  • Reading Time: 2 min
  • Word Count: 319 words

Mashable: Google just debuted a project dedicated to attacking some of the biggest problems facing civilization, such as global warming, and proposing “radical” ideas for solving them. Called “Solve for X,” the idea resembles TED (Technology Entertainment and Design), the series of conferences that feature industry leaders exploring big-picture ideas and how they can improve society. Solve for X, however, appears to be more focused on global problems, using them as opportunities to encourage “moonshot” thinking. ...
