DLA-20-1 munin - security update

Bulletin has no description...

EFF Files Motion Asking Judge to Rule NSA Data Collection Unconsitutional

The EFF has asked a federal judge to rule that the NSA’s collection of massive amounts of upstream user data is unconstitutional, violating the Fourth Amendment. The motion for partial summary judgment in the case of Jewel v. NSA, a six-year-old lawsuit related to NSA data collection on AT&T’s...

AirWatch Data Collection

Binary data airwatchcollect.nbin...

Phishers Use Luis Suarez Bite as Bait

The World Cup is the most popular sporting event on the planet, and not just among sports fans; attackers and scammers of all stripes love it as well, as it presents a unique opportunity to separate victims from their money. Phishing and malware scams tied to the World Cup in Brazil have been...

BT Voyager 2000 Wireless ADSL Router SNMP Community String Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10589/info BT Voyager 2000 Wireless ADSL Router is reported prone to a sensitive information disclosure vulnerability. It is reported that 'public' SNMP MIB community strings which, are world readable by default contain...

Facebook Set to Let Users Edit Own Advertising Info

Facebook announced today it will soon be rolling out a new feature to give users more control when it comes to the types of advertisements they see on the site. If users are tired of getting barraged with ads for shoes, video games or discount plane tickets, they’ll not only be able to stop the...

Judiciary Committee Approves Bill Limiting NSA Surveillance

The House Judiciary Committee met yesterday in a hearing to discuss, amend and approve the USA FREEDOM Act, which aims to rein in the National Security Agency’s surveillance powers and place new limits on authority granted under the USA PATRIOT Act and the Foreign Intelligence Surveillance Act...

With a Warning FTC Approves WhatsApp, Facebook Union

Facebook’s acquisition of messaging application WhatsApp was approved by the Federal Trade Commission late last week, but not without a stern notice from the agency, which warned that it would be keeping a watchful eye on the two companies going forward. In a letter addressed to officials at...

Bruce Schneier on Surveillance at Source Boston keynote

BOSTON – History is not entirely kind to those responsible for the Industrial Age in the 19th century. How, for example, were the consequences of industrial innovation such as pollution largely ignored? Flash forward to today’s digital age and ask the same question: How are those responsible for...

Clapper: NSA Queries Databases for Information on U.S. Persons

UPDATE–The NSA searches the data it collects incidentally on Americans, including phone calls and emails, during the course of terrorism investigations. James Clapper, the director of national intelligence, confirmed the searches in a letter to Sen. Ron Wyden, the first time that such actions hav...

Check_MK跨站请求伪造漏洞(CVE-2014-2330)

BUGTRAQ ID:66389 CVE ID:CVE-2014-2330 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在跨站请求伪造漏洞，成功利用后可使远程攻击者在受影响浏览器上下文中执行未授权操作。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序： http://mathias-kettner.de...

Check_MK 任意文件删除漏洞(CVE-2014-2332)

BUGTRAQ ID:66396 CVE ID:CVE-2014-2332 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在任意文件删除漏洞，成功利用后可使远程攻击者删除受影响应用上下文内的任意文件。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://mathias-kettner.de...

Check_MK 多个HTML注入和跨站脚本漏洞(CVE-2014-2329)

BUGTRAQ ID:66391 CVE ID:CVE-2014-2329 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在多个HTML注入漏洞和跨站脚本漏洞，成功利用后可使远程攻击者在受影响浏览器上下文中运行上传的HTML和脚本代码。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://mathias-kettner.de...

NSA RETRO Tool Collects Content of Phone Calls

The latest in the slow but steady trickle of leaks dripping out of NSA whistleblower Edward Snowden reportedly shows that the U.S. spying agency has the capacity to recall entire foreign phone call conversations for as long a month after the fact. The program, according to a Washington Post repor...

The NSA, Snowden and the Internet's Offensive Future

Despite everything that has transpired in the last year, Edward Snowden sounded calm, reflective and in some ways wistful yesterday discussing the fallout and consequences of the multitude of NSA programs and methods he’s revealed. Snowden bemoaned the fact that the NSA specifically and the...

MobileIron Data Collection

Binary data mobileironcollect.nbin...

Privacy Groups Seek to Halt Facebook Acquisition of WhatsApp

The appeal of WhatsApp, the cross-platform mobile messaging app recently acquired by Facebook for a stunning $19 billion price tag, was that it kept to its promise of not collecting user information that would be converted to ad revenue. The acquisition by Facebook, however, likely changes that...

SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)

The Webform module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have the same formkey, which can only be managed by carefully crafting the webform...

Congressmen Call For DNI Clapper's Ouster

A group of six Congressmen have asked President Barack Obama to remove James Clapper as director of national intelligence as a result of his misstatements to Congress about the NSA’s dragnet data-collection programs. The group, led by Rep. Darrell Issa R-Calif., said that Clapper’s role as DNI “i...

Crypto Pioneers Write Letter on NSA Surveillance to Obama

Perhaps the biggest condemnation of President Obama’s address last Friday announcing reforms to the NSA’s surveillance programs was his failure to mention any of the agency’s alleged involvement in subverting cryptography standards and the impact that has had on the trustworthiness of products...