An independent computer security researcher uncovered a database of information on 191 million voters that is exposed on the open Internet due to an incorrectly configured database, he said on Monday.

The database includes names, addresses, birth dates, party affiliations, phone numbers and emails of voters in all 50 U.S. states and Washington, researcher Chris Vickery said in a phone interview.

Source: Database of 191 million U.S. voters exposed on Internet: researcher

The official Twitter account for myGov – a portal for accessing government services online – told Aussies this week: “Going overseas this summer? If you’re registered for myGov security codes make sure you turn them off before you go.”

The startling tweets come complete with professional cartoon graphics, clearly suggesting that rather than a civil servant going rogue on an idle afternoon, the advice was produced as a matter of policy.

Source: Australian government urges holidaymakers to kill two-factor auth

Because some people can’t receive SMS in foreign countries. This is a bad idea ™

And that password is: <<< %s(un='%s') = %u.

Source: How to log into any backdoored Juniper firewall – hard-coded password published

The energy-time entanglement technology for quantum encryption studied here is based on testing the connection at the same time as the encryption key is created. Two photons are sent out at exactly the same time in different directions. At both ends of the connection is an interferometer where a small phase shift is added. This provides the interference that is used to compare similarities in the data from the two stations. If the photon stream is being eavesdropped there will be noise, and this can be revealed using a theorem from quantum mechanics – Bell’s inequality.

On the other hand if the connection is secure and free from noise, you can use the remaining data, or photons, as an encryption key to protect your message.

What the LiU researchers Jan-Åke Larsson and his doctoral student Jonathan Jogenfors have revealed about energy-time entanglement is that if the photon source is replaced with a traditional light source, an eavesdropper can identify the key, the code string. Consequently they can also read the message without detection. The security test, which is based on Bell’s inequality, does not react – even though an attack is underway.

Physicists at Stockholm University have subsequently been able to demonstrate in practical experiments that it is perfectly possible to replace the light source and thus also eavesdrop on the message.

But this problem can also be solved.

“In the article we propose a number of countermeasures, from simple technical solutions to rebuilding the entire machine,” said Jonathan Jogenfors.

Source: Swedish researchers reveal security hole

When a user opens an Outlook email or previews the email in one of the Outlook panels, the OLE mechanism will automatically read the embedded Flash object and try to execute it, to provide a preview.

Since most Flash exploits only need to be executed to work, and because there’s a flaw in the Outlook security sandboxing system, an attacker can easily embed malicious Flash objects inside emails and have other malicious code executed via older (Flash) vulnerabilities.

Source: BadWinmail Microsoft Outlook Bug Can Give Attackers Control Over PCs

A database for sanriotown.com, the official online community for Hello Kitty and other Sanrio characters, has been discovered online by researcher Chris Vickery. The database houses 3.3 million accounts, and has ties to a number of other Hello Kitty portals.

The records exposed include first and last names, birthday (encoded, but easily reversible Vickery said), gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers, and other data points that appear to be website related.

Source: Database leak exposes 3.3 million Hello Kitty fans

ouch

Source: Important Announcement about ScreenOS® – J-Net Community

FireEye sell security appliances to enterprise and government customers. FireEye’s flagship products are monitoring devices designed to be installed at egress points of large networks, i.e. where traffic flows from the intranet to the internet.

Source: Project Zero: FireEye Exploitation: Project Zero’s Vulnerability of the Beast

All you need to do is send the jar in an email or get someone to visit a site with the jar on it and you can modify the bios and get access to their network information.

A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer.

Source: Back to 28: Grub2 Authentication Bypass 0-Day

Oops