Information Security, SSAE 16, ISO 27001, CISA, Cert-IN
Android and iOS: When Google Drive released its first mobile apps, they barely did anything at all. Document editing came soon after, but now you can edit spreadsheets as well. Just like on the web, you can see others editing the same spreadsheet in real time. More » 
Original news article at https://lifehacker.com on November 29, 2012 at 02:00AM
A Maine construction company that sued its bank after losing $345,000 in an online banking heist has settled its dispute after a protracted legal battle that raised questions about the bank’s responsibility in protecting customer accounts against cyber fraud.
The settlement between Patco Construction and People’s United Bank (formerly Ocean Bank) comes about four months after the U.S. Court of Appeals for the First Circuit faulted the bank’s security measures at the time of the theft and advised the two sides to work out a compromise.
Original news article at https://www.teamshatter.com on November 27, 2012 at 09:04PM
A new worm that appears to be targeted at Iran seeks to sabotage corporate databases by searching for specific phrases and values and replacing them with random ones.
This latest bug, dubbed the “Narilam” worm, goes after Microsoft SQL databases, according to Symantec, which first uncovered the malicious code.
Original news article at https://news.hitb.org/ on November 27, 2012 at 06:31AM
Samsung printers released before October 31, 2012, have been found to contain a hard-coded account that could allow an attacker to remotely take control of the device.
As described in a vulnerability note released by the US Computer Emergency Response Team (CERT), affected printers have a Simple Network Management Protocol (SNMP) account programmed into their firmware. This account continues to permit access to the device even if SNMP functions are disabled in the printer’s management utility. Some Dell printers manufactured by Samsung are also affected.
Original news article at https://news.hitb.org/ on November 27, 2012 at 06:28AM
A security researcher claims that he found 23 vulnerabilities in industrial control software from several vendors after a different security company last week showcased vulnerabilities in applications from some of the same manufacturers, but chose not to report them.
Original news article at https://news.hitb.org/ on November 27, 2012 at 05:10AM
A Wellington system administrator has developed a tool to identify corporate secrets, hacked data and even stolen credit cards as they emerge on social networks and online clipboards.
Users could set the OSINT OPSEC (Open Source Intelligence / Operational Security) Tool to monitor for keywords, allowing, for example, an organisation to be alerted if a hacking group dumped its sensitive data to clipboard site Pastebin.
Original news article at https://news.hitb.org/ on November 27, 2012 at 04:57AM
<!– adsense –>Official website of President of Sri Lanka (president.gov.lk) breached by hacker going by name “Broken-Security”, using Blind Sql Injection vulnerability.
Vulnerability also posted by hacker on a pastebin note with database dump including table and column names.
Dump include the Username and Encrypted password of admin also as shown in screenshot. Hacker didn’t mention any reason
Original news article at https://thehackernews.com/ on November 22, 2012 at 10:24PM
CowboyRobot writes “Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected Connectusers.com website. The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack. ‘It was an SQL Injection vulnerability, somehow I was able to dump the database in less requests than normal people do,’ he says. Users passwords for the Adobe Connectusers site were stored and hashed with MD5, he says, which made them ‘easy to crack’ with freely available tools. And Adobe wasn’t using WAFs on the servers, he notes. Tal Beery, a security researcher at Imperva, analyzed the data dump in the Connectusers Pastebin post and found that the list appears to be valid and that the hacked database was relatively old.”
Read more of this story at Slashdot.
Original news article at https://slashdot.org/ on November 15, 2012 at 06:03AM
Google’s email service Gmail, or Google Mail, supports a variety of advanced search parameters which have not been documented that well until now. Recently it became known for instance that emails can be filtered by size using the size: parameter in the search form on the Gmail website.
Google today announced that all Gmail advanced search parameters are now available on a Searching Gmail support page. This includes the size parameter, but also additional parameters such as “older than” to find emails that are older than the specified age or “larger” which does the same as the size parameter.
Here is a short list of the most important advanced search parameters that you can use to search your emails on the Gmail website:
The search parameters are most effective when used in combination with search terms. You can for instance search for emails that are larger than a specified size sent by a particular contact of yours, or only last year’s emails that you received from a company. Parameters can also be combined, for instance to find all images larger than 10 Megabyte that have been sent before 2009: size:10m older_than:3y.
The support page lists additional search parameters and examples for each parameter which demonstrate how a particular parameter can be used in searches on the Gmail site.
Original news article at https://www.ghacks.net on November 15, 2012 at 04:25AM
If you need to find large attachments on Gmail quickly, you have a few options at your disposal. You can for instance use the Find Big Email service which automatically goes through all of your emails to sort them by size into groups. The program labels the emails accordingly so that you can quickly display all emails with attachments that are over a certain size.
While that is certainly handy, it means that you have to authorize the service for the operation, something that not all Gmail users may want to do considering that emails often contain important data that no one else should have access to.
Back then I explained how you can use a third party email program like Thunderbird to sort emails by size automatically, which is really helpful in this regard. While you need to install and configure the program first, you can display the sizes manually and without third party help.
There is however another option that you can use on Gmail’s website directly. The undocumented parameter size: enables you to display emails that are larger than the specified size. Use that together with a keyword, e.g. work, the name of a contact or an email address, and you have a filtering system that is easy to use and at the same time very efficient.
The size needs to be entered in bytes, a few examples are size:1000000 for files larger than 1 Megabyte, size:100000 for files larger than 100 Kilobyte or size:10000000 for attachments larger than 10 Megabyte. It is technically not fully correct, as one Megabyte is 1048576 Bytes, but that would make things more complicated as they should be. Just add keywords, email addresses or names to the search phrase to find the emails that you are looking for.
The size parameter can be really useful for a number of operations, for instance to delete large emails to free up space, or to locate a specific email that you know had a large attachment attached to it. (via TechSmog)
Original news article at https://www.ghacks.net on November 09, 2012 at 05:04PM