Donald Sears

Cisco Patches Critical IOS Holes

Cisco has released its twice-yearly set of security updates for its switches and routers. There are six advisories in all, each one covering a different component of the Cisco Internetwork Operating System (IOS), which powers the routers. Read the full article. [IDG News Service]

57 Percent of Apps Have Poor Security: Report

Findings from Veracode’s “State of Software Security Report: Volume 2” show that the overall quality of applications remains poor, with 57 percent failing to meet acceptable levels of security. New results demonstrate that cloud/web-based applications are the most commonly scrutinized, and with good reason: 80 percent of web applications would not pass a PCI audit. Read the full article. [Help Net Security]

Researchers Develop Stealth Hypervisor Tool

Researchers at NC State University and IBM have built a prototype security tool that operates in stealth mode to determine the security of a hypervisor so as not to tip off attackers. Read the full article. [Dark Reading]


Canonical has released updated kernels for Ubuntu versions 10.04 LTS, 9.10, 9.04, 8.04 LTS and 6.06 LTS to close the recently discovered holes in the Linux kernel. The updates are also for the equivalent versions of Kubuntu, Edubuntu and Xubuntu and should be available through Ubuntu’s Software Update system. Read the full article. [The H Security]

A Long Beach, California man who helped funnel stolen cash to a global network of hackers and carders was sentenced Thursday to 6 years in prison for conspiracy to launder money. Cesar Carranza, 38, sold MSR-206s to carders to encode stolen bank card data onto blank cards, and he served as a conduit to transmit stolen money between mules and carders. Read the full article. [Wired]

Fifty-three individuals were charged today in connection with widespread, sophisticated identity theft and fraud, including 43 individuals charged with participating in one large-scale criminal enterprise, United States Attorney Paul J. Fishman and FBI Special Agent in Charge Michael B. Ward announced. Read the full statement. [FBI Newark]

One day after it released updates for its Firefox web browser, the Mozilla Project has issued versions 3.1.4 and 3.0.8 of Thunderbird, the latest stable and legacy branch updates of its popular open source email client. According to the developers, the latest maintenance updates improve the application’s overall stability and address several user experience concerns found in the previous stable branch release. Read the full article. [The H Security]

Intel has confirmed Blu-ray HDCP encryption is cracked after admitting a leaked master key is the real deal. High-bandwidth Digital Content Protection (HDCP) copy protection technology is designed to protect high-definition video content as it travels across digital interfaces. Read the full article. [The Register]

Apple Patches Quicktime

Apple patched a critical vulnerability in QuickTime that was reported to the company by a bug bounty program months ago. Read the full article. [Computerworld]