Monday, December 30, 2013

SD Card exploit used by security researchers to steal data

A pair of security researchers have figured out how to subvert tiny controller chips in flash-memory storage devices, an approach that could expose people's private data.

cNet

Chromebook sales beat Macs for educators

"Google's Chromebook computers have surpassed Apple's Macbooks in commercial sales growth as educators opt for the lower-cost Chromebook in classrooms instead of the Mac"  WorldNews

Top Security Breaches of 2013

A list of the top scams and breaches for this year.  SiliconRepublic

UTC Windows Offline Updater

The WSUS offline updater allows for "batch patching" of a Windows OS and Microsoft Office.  If you need to patch a fresh install of Windows, or update a PC that has been offline for a while, please review this document.

Sunday, December 29, 2013

BBC computer server was controlled by Russian hacker

"A Russian hacker took control of a BBC computer server and attempted to sell access to it to other cybercriminals, according to reports."  BBC

OpenSSL.org defaced

Source code has been verified; all is well.  Details to follow.  Hacking News

Defcon 21 Videos

A variety of computer security subjects.  Youtube

The NSA's TAO hacking unit

The NSA's TAO hacking unit is considered to be the intelligence agency's top secret weapon. It maintains its own covert network, infiltrates computers around the world and even intercepts shipping deliveries to plant back doors in electronics ordered by those it is targeting.  Sp.de

Saturday, December 28, 2013

Will Mod be the new Metro for Windows 8?

"In August 2012, just before launching Windows 8, Microsoft officials conceded that the company would no longer be using "Metro" to describe the tiled interface"  ZDNet

Friday, December 27, 2013

Target says stolen debit card data still "safe"

Earlier this month, the data contained on approximately 40 million credit cards and debit cards was stolen from Target.  The card data is from users who purchased in-store goods, not via Target's web site.  Target "is confident" that the PIN numbers required to access the affected debit cards are "still safe."  ThreatPost

Play classic console games at the Internet Archive

No sound, but that will be coming.  Internet Archive.

The top 10 major hacks of 2013

"The retailer urged consumers to keep a close eye on their statements and credit scores, but this is certainly not the first time that shoppers and web users have had to double check their accounts for fraud, or change an Internet password, in 2013."

ITPortal

Building a MacPro equivalent Windows PC.

"A top-of-the-line Mac Pro costs $9,599 and includes a 2.7 GHz Intel Xeon E5 12-core processor, 64GB of DDR3 RAM, a 1TB SSD, and dual AMD FirePro D700 graphics cards."

Digital Trends

Snapchat Security Hole

Snapchat's previously undocumented API and code for two exploits have been published, allowing mass name/phone number matching, and mass creation of bogus accounts.  ZDNet

Wednesday, December 25, 2013

RSA Denies Knowingly Building NSA 'Back Door' Into Security Software

"Recent press coverage has asserted that RSA entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation"  Link

What To Expect After the Target Card Data Breach

"If you braved the crowds and went shopping at Target on Black Friday this year, or bought something from the retailer in the weeks since, you need to check your credit card statements. You may be among the 40 million customers affected by what may turn out to be the largest financial breach of 2013."  Link

Friday, December 20, 2013

NSA paid RSA for back door into its security products

"Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products."  Link

Cryptolocker ransom Trojan infected 250,000 PCs, Dell SecureWorks estimates

"Dell Secureworks estimates that between September and December the sums extorted were between $380,000 and $980,000 in value"   Link

Thursday, December 19, 2013

Apple releases OS X 10.9.1 Mavericks Update

"the OS X 10.9.1 update is narrowly focused on Apple's Safari Web browser. OS X 10.9 originally shipped with Safari 7.0, which is now being updated to a patched Safari 7.0.1 release. In total, the Safari 7.0.1 update includes nine security updates for vulnerabilities found within Safari and its core WebKit rendering engine"

Link

Target Chain Suffers In Store Credit Card Breach.

"The company early Thursday confirmed a data breach may have affected about 40 million credit card and debit card accounts between Nov. 27 and Dec. 15."

This did not affect online purchases, just store purchases.

Link

Friday, December 13, 2013

Tuesday, December 10, 2013

Flash Player Vulnerabilities Patched by Adobe

"Adobe announced that two security vulnerabilities (CVE-2013-5331 and CVE-2013-5332) available in Flash Player 11.9.900.152 had been addressed in the recently released update for the software."  Link

Windows 'Threshold' Leaks Point to Return of Start Menu

"could reintroduce the Start menu ditched in the original Windows 8 release"  Link

Firefox 26, updates plus new plugin security.

"Setting plug-ins to click-to-play means the user must manually activate a plug-in when a web page attempts to use it. It’s a security measure, allowing users to pick and choose whether or not specific plug-ins get to run."

Link

Sunday, December 8, 2013

Celebrity Deaths, Facebook, Malware, and You

The recent death of Paul Walker is being used to spread malware.  This is yet another example of criminals taking advantage of public interest to line their pockets.  Please do not click on any link, for any sensational story, provided in email or through social media.  If you need to find out about an event, go to a major news outlet using your web browser.

Facebook Considers Adding a 'Sympathize' Button

For when you've seen something ... but can't 'like' it.

Friday, December 6, 2013

Android Brightest Flashlight Free App spies on users.

"Although the free app offered people an opt-out clause, the FTC said this was "meaningless" because data from all users of the Brightest Flashlight app was shared whether they agreed or not."   Link

Monday, December 2, 2013

Microsoft codename 'Threshold': The next major Windows wave takes shape

As we've heard before, Microsoft is working to deliver a single app store across its myriad Windows platforms. Company officials also are laboring to make the developer toolset for all three of these platforms more similar. Link