US Navy Soliciting Zero Days
The National Security Agency may find and purchase zero days, but that doesn’t mean it’s sharing its hoard with other government agencies such as the U.S. Navy, which apparently is in the market for some unpatched, undisclosed vulnerabilities of its own.
Source: threatpost.com
Hidden backdoor API to root privileges in Apple OS X
The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It’s been there for several years (at least since 2011). I found it in October 2014, and it can be exploited to escalate privileges to root from any user account in the system.
Source: truesecdev.wordpress.com
Do you use TextSecure Private Messenger for your private conversations? If yes, are you sure you are actually using a secure messaging app? TextSecure, an Android app developed by Open Whisper Systems, is completely open-source and claims to support end-to-end encryption of text messages.
The app is free and designed with privacy in mind. However, while conducting the first audit of the software, security researchers from Ruhr University Bochum found that the most popular mobile messaging app is open to an Unknown Key-Share attack.
A security patch has been rushed out following an attack on the Darkcoin network which temporarily allowed an attacker to gain control of the Masternode list, according to an official statement on the altcoin’s homepage on Tuesday. “This attack was a simple exploitation of the fact that we were not checking that the signing key…
BitcoinEXpress blackmailing and betting the Monero devs that he can exploit Monero ("coin killer time warp attack") before they can fix the exploit he was blackmailing them with, exposed.
Countdown to "It's Almost timetokillXMR".
At the end of that same post, BCX implied that he was playing the catalyst in a forced evolution of the coin, and then posted a link to a YouTube video of The Joker burning a pile of cash to communicate his motivation behind the decision to attack Monero. He also announced that he had begun taking shots of Stoli Elite and “loves this shit.” Bond villain, anyone?
http://bullbearanalytics.com/2014/09/23/whats-going-monero/
We have started a new Dry Run to test everything as we prepare to launch the markets and have things go live... https://www.youtube.com/watch?v=Zje91xTd6Lc We are calling everyone into service to prevent Armageddon when we turn on BitAssets. Your mission is to find and exploit any holes in the market engine before the hard fork lands tomorrow. If you are successful in your mission to break the market engine there is a $5000 BitUSD bounty for a bug that causes us to delay enabling the markets via price feeds. Delegates, you should be watching this test. When you feel this test has been proven to your satisfaction, then publish a price feed for BitUSD on the main network. Once 50 delegates publish a price feed we will have the dawn of a new era in cryptocurrencies. Good luck! Check out: https://github.com/BitShares/bitshares_toolkit (develop branch) Audit code here: https://github.com/BitShares/bitshares_toolkit/blob/master/libraries/blockchain/market_engine.cpp
Among all the scams and thievery in the bitcoin economy, one recent hack sets a new bar for brazenness: Stealing an entire chunk of raw internet traffic from more than a dozen internet service providers, then shaking it down for as many bitcoins as possible. … At its peak, according to the researchers’ measurements, the hacker’s scam was pocketing a flow of bitcoins and other digital currencies including dogecoin and worldcoin worth close to $9,000 a day. … In fact, the BGP bitcoin-stealing exploits represent less of a new vulnerability in bitcoin than the persistent fragility of the internet itself, Dell’s researchers say.
No bitcoins 'were stolen'; the title is misleading.