NSA Whistleblower Snowden on PRISM, surveillance, privacy

NSA whistleblower Edward Snowden said a “continuing litany of lies” from senior U.S. leaders prompted his public uncovering of widespread surveillance of Americans’ phone calls and alleged data sharing between large technology companies and the government. In a two-hour online question-and-answer...

NSA Director Alexander Grilled by Senate Committee

National Security Agency director Gen. Keith Alexander was asked some pointed questions by the Senate Appropriations Committee this afternoon regarding the spy agency’s surveillance of Americans’ phone calls and electronic communication in the name of fighting terrorism. Alexander provided little...

Clappers Says NSA Programs Fully Authorized and Necessary

The top U.S. intelligence official addressed the recent revelations about the National Security Agency’s covert cell-phone and email data collection surveillance programs on Thursday, saying that the programs have been ongoing for years, are fully authorized under U.S. law and that the leaks...

NSA's PRISM spy program, mining data from nine biggest Internet companies

The National Security Agency, part of the U.S. military reportedly has a direct line into the systems of some of the world’s biggest Web and tech companies, i.e Microsoft, Google, Facebook, Skype. The NSA access is part of a previously undisclosed program called PRISM, 6-year-old program which...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in IBM Eclipse Help System IEHS 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2013-0464

Multiple cross-site scripting XSS vulnerabilities in IBM Eclipse Help System IEHS 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL...

UBUNTU-CVE-2013-0464

Multiple cross-site scripting XSS vulnerabilities in IBM Eclipse Help System IEHS 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2013-0464

Multiple cross-site scripting XSS vulnerabilities in IBM Eclipse Help System IEHS 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL...

IBM SPSS Data Collection CVE-2013-0464跨站脚本漏洞

Bugtraq ID:60246 CVE ID:CVE-2013-0464 IBM SPSS Data Collection是全球业界领先的问卷调查、市场研究以及客户行为分析的专业解决方案。 IBM SPSS Data Collection存在一个输入验证漏洞，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被用户查看时可获取敏感信息或劫持用户会话。 0 IBM SPSS Data Collection 6.0.1 IBM SPSS Data Collection 6.0 IBM SPSS Data Collection 7.0 用户可参考如下厂商提供的安全公告获得补丁程序：...

Mozilla Delays Third-Party Cookie Patch in Firefox

Mozilla has tapped the brakes on its plans to block third-party cookies by default in the Firefox browser. Test versions of Firefox 22, scheduled for a June release, were supposed to include a patch that blocked third-party cookie drops by default. However, Mozilla CTO Brendan Eich said yesterday...

[ExploitSearch.net] Exploit / Vulnerability Search Engine

Exploitsearch.net , is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone. Unlike other exploit search engines which are simply custom google searches, this site actually crawls the source...

Google Privacy Director Alma Whitten Leaving

Alma Whitten, the director of privacy at Google, is stepping down from that role and leaves behind her a complicated legacy in regards to user privacy. Whitten has been the company’s top product and engineering privacy official since 2010 and was at the helm as the company navigated a number of...

Google to Pay $7M Settlement Over Street View Data Collection

Google has agreed to pay a $7 million settlement to several dozen U.S. states as part of an agreement of charges that the company was collecting private user data from WiFi hotspots while its Street View cars were driving around taking photos in various locations. The controversy over Google’s...

Dissecting a mobile malware

The capillary diffusion of mobile devices, the lack of security systems on these platforms and low level of awareness on principal cyber threats made them a privileged target for cybercrime. We have assisted in the recent year to an explosion of malware designed to hit principal mobile OSs, in a...

FTC Launches Investigations into Mobile Apps for Kids

The Federal Trade Commission on Monday said it’s launching “non-public investigations” to determine if mobile application providers are violating federal laws by collecting information on children without their parents’ permission. A report indicates almost 60 percent 235 of the children-centric...

VMware vCenter Data Collection

Binary data vmwarevcentercollect.nbin...

Alliance Issues Guidance for Cloud-Based SIEM Services

The non-profit Cloud Security Alliance today released guidelines for the nascent Security as a Service SecaaS specialization within the broader realm of cloud computing. The goal, the group says, is to help companies and consumers gain a better handle on how best to evaluate, build and deploy...

Android Adware abusing permissions, Collecting more than they need

So you just bought a new Android-based smartphone, what comes next? What else but the most exciting part downloading the right apps to boost its functionality. Android gives you the freedom to personalize your device, which has made it attractive to those who want their smartphones to be as uniqu...

New Verizon Marketing Initiative May Violate Users' Privacy

Verizon has drawn the ire of its customers and privacy advocates this week because a new initiative launched by the telecom company may violate users’ privacy. A new marketing program dubbed Precision Market Insights extracts information about Verizon’s customers on Android and iOS platforms...

Gathering Threat Intelligence With Open Tools

Threat intelligence is one of the go-to buzz phrases for many people in the security industry right now, and it’s thrown in so many contexts and situations, it’s quickly becoming almost meaningless. Most people understand that they need to get better information about what’s happening both on the...