5 security threats to watch in 2010
Posted by l33tdawg on Thursday, December 03, 2009 - 01:36 AM (Reads: 431)
Source: ZDNet (Asia)
Everyday Internet users will be a key target for cybercriminals looking to get people to download their malware, while the proliferation of social sites such as Facebook and Twitter will lead to an increase in possible fraud cases, Symantec reported.
At a media briefing Wednesday, the security vendor released a report outlining security threats enterprises and consumers should be mindful of in 2010. Of these, the security risk faced by everyday Internet users is likely to increase as criminals look to trick people into downloading malware through means such as an innocent-looking URL link or videos and pictures from unknown sources.
"[Users] could be opening themselves up to identity theft and other types of cybercrime," Symantec said in the report, adding that the number of attempted attacks using social engineering "is sure to increase" next year.
Security firm retracts 'black screen' claims, apologises
Posted by l33tdawg on Thursday, December 03, 2009 - 01:36 AM (Reads: 187)
Source: Computer World (NZ)
The UK security company that started a firestorm after claiming recent Windows security updates caused a widespread "black screen" lock-out of users' PCs has retracted its claims and publicly apologized to Microsoft.
"It is clear that our original blog post has been taken out of context and may have caused an inconvenience for Microsoft," Mel Morris, the chief executive of UK security firm Prevx, said in an entry on the company's blog on Wednesday. "This was never our intention and we have already apologised to Microsoft."
Morris' blog post was the second in two days that included an apology to Microsoft. The first, written yesterday by Jacques Erasmus, Prevx's director of research, said that Microsoft's patches were not to blame; he instead pinned responsibility for the black screens on malware infections.
Character limitations in passwords considered harmful
Posted by l33tdawg on Thursday, December 03, 2009 - 01:35 AM (Reads: 209)
Source: CNet News
For about the 4,000th time in the last five years, I tried to sign up for a new Web service, but it wouldn't accept my proposed password. Apparently, the site operators decided that passwords should contain only letters and numbers. Aarrrrgh! This isn't the first time I've seen this idiocy, and it won't be the last. But it should be.
Guidelines on how to construct a strong password almost uniformly recommend using a mixture of upper and lower case letters, numbers, and symbols. Tools for generating passwords (for example, strongpasswordgenerator.com) encourage the use of symbols. There's even a mathematical formula that precisely calibrates how much more unguessable symbols make a password. So why don't sites support symbols in passwords? It makes no sense.
The strongest case against limited-character passwords isn't technical. It's not about "information entropy." It's about human factors and behaviors. Human factors dominate the success (or failure) of all information systems, including password systems. Humans are lousy at choosing random or quasi-random sequences--exactly the kind of high-entropy, hard-to-guess passwords that information security professionals think ideal. People are even worse at remembering said passwords.
Sequoia publishes electronic voting machine source code
Posted by l33tdawg on Thursday, December 03, 2009 - 01:34 AM (Reads: 168)
Source: The Register (UK)
Sequoia Voting Systems has become the first electronic voting machine maker to publish the source code used in one of its systems, a move that computer scientists have praised.
On Monday, the Denver, Colorado company released the first batch of code for Frontier, an end-to-end e-voting system that it plans to begin selling in the near future. Sequoia has promised to release the blueprints for 100 per cent of its system software, including firmware, before the system is submitted for federal certification in June.
To be sure, the initial installment is fairly mundane: code written in Microsoft's C# programming language that acts as a desktop publishing program of sorts for controlling the layout of a ballot. But the move represents a seismic shift in strategy for Sequoia, which in the past has gone to great lengths to keep third parties from reviewing the inner workings of its machines.
US school stung for $1m in SETI search
Posted by l33tdawg on Thursday, December 03, 2009 - 01:33 AM (Reads: 277)
Source: NZ Herald
A former school district employee is accused of using school computers in an experiment to find space aliens, costing the worker his job and the district more than US$1 million.
School officials say that Brad Niesluchowski, who was Higley Unified School District's information technology director, downloaded free software on district computers in 2000. The program, known as SETI@home, uses internet-connected computers worldwide to analyse radio telescope data in an experiment to find extraterrestrial intelligence.
Metasploit Making Enterprise Debut
Posted by l33tdawg on Thursday, December 03, 2009 - 01:32 AM (Reads: 211)
Source: Internet News
For many IT pros, the free, open source Metasploit Framework was once thought of as just a community project unsuitable for serious enterprise security testing. Now, Metasploit's new patron, security vendor Rapid7, is working to make sure that's no longer the case.
Since acquiring Metasploit at the end of October, Rapid7 has been busily integrating the framework with its commercial NeXpose suite of vulnerability scanning and assessment tools.
The result: Rapid7's flagship NeXpose Enterprise Edition 4.8 suite can now borrow from a number of key Metasploit capabilities. The new integration comes by way of Metasploit's update to version 3.3.1, which offers a new Metasploit Console plug-in that exposes new commands to the user.
HP staff to strike over freeze on pay
Posted by l33tdawg on Thursday, December 03, 2009 - 01:31 AM (Reads: 184)
Source: The Scotsman
Workers at computer giant Hewlett-Packard are to stage a 24-hour strike after voting overwhelmingly for industrial action in a dispute over pay and jobs.
The Public and Commercial Services (PCS) union said its members at the firm's enterprise services section, including those working on government IT contracts, will walk out on 10 December. It said there had been growing anger over job losses and a pay freeze since HP took over EDS in August 2008.
Up to 1,000 union members will take part in the strike, including those working on IT contracts for the Department for Work and Pensions in Newcastle upon Tyne, Washington, Preston and the Fylde Coast.
When does a hobby become an employment issue?
Posted by l33tdawg on Thursday, December 03, 2009 - 01:30 AM (Reads: 165)
Source: Times Online (UK)
A senior military analyst with the New York-based Human Rights Watch has been suspended while the organisation investigates his internet postings about his hobby of collecting Nazi and other war memorabilia.
Tom Porteous, the London director of Human Rights Watch, says that the group is looking at Marc Garlasco’s blogs to see if there are any inconsistent remarks that might bring the organisation into disrepute.
So when does a hobby become an employment issue? For Allen & Overy, the “magic circle” law firm, a highly erotic novel published online by Deirdre Dare, a lawyer in its Moscow office, was clearly a step too far, prompting the firm to sack her for gross misconduct this year.
World of Warcraft "beaten" by Taiwanese player
Posted by l33tdawg on Thursday, December 03, 2009 - 01:30 AM (Reads: 321)
Source: Tech Digest
OK, so it's technically impossible to beat a game that has no defined ending, but World of Warcraft player "Little Gray" is the first to finish virtually every single thing that the land of Azeroth currently has to offer.
According to MMO Champion, he's the first player to nab every single achievement in the game and the first player to reach 986/986 points listed in the armoury.
His stats in the armory show that he's killed 390,895 creatures, and died just 8,543 times. He dished out 7,255,538,878 points of damage to his foes, and completed an average of 14.6 quests per day for a total of 5,906. Dedication or a case of OCD just waiting to be diagnosed? We'll let you decide that one.
FCC requests input on PSTN switch to IP
Posted by l33tdawg on Thursday, December 03, 2009 - 01:29 AM (Reads: 149)
Source: CDE Magazine
The FCC is asking for comment on transitioning the circuit-switched phone system – the public switched telephone network (PSTN) – to all IP.
The comments would be used to develop an official notice of inquiry (NOI) that in turn could lead to official government policy under the authority of the American Recovery and Reinvestment Act of 2009 (ARRA, aka the broadband stimulus bill).
The FCC’s request reads: “In the spirit of understanding the scope and breadth of the policy issues associated with this transition, we seek public comment to identify the relevant policy questions that an NOI on this topic should raise in order to assist the Commission in considering how best to monitor and plan for this transition. In identifying the appropriate areas of inquiry, we seek to understand which policies and regulatory structures may facilitate, and which may hinder, the efficient migration to an all IP world.
Can you trust Chromium?
Posted by l33tdawg on Thursday, December 03, 2009 - 01:28 AM (Reads: 153)
Source: CIO Weblog
I mentioned recently in my posts on Google's new Chromium operating system project that while the idea of a lightweight, secure, powerful web-oriented operating system may be theirs at the moment, they may not ultimately be the business that finds success with such a product. This isn't the first time I have hedged my bets when discussing Google efforts, particularly those oriented toward commercial enterprises; I have a similar hesitancy in crowning Apps, or Postini, as clear successors to the disputed throne of SaaS offerings in their respective categories because, fundamentally, I don't believe Google cares about that market or those products. Google is a media company, and ads are their bread and butter.
By most conventional business logic, it would actually be somewhat silly for them to focus on anything else to the extent necessary to guarantee success. Nor does the company appear to do so; they are taking another, perhaps more rational, approach, one that involves throwing a lot of stuff out at the wall and seeing what sticks.
Anti-Piracy Group Refuses Bait, DRM Breaker Goes To Police
Posted by l33tdawg on Thursday, December 03, 2009 - 12:53 AM (Reads: 173)
Source: Torrent Freak
In order to force a change in the law, last month a man reported himself for breaching copyright more than a hundred times, hoping an anti-piracy group would take him to court. The group’s lawyer said they would respond by today – they haven’t – so the Danish copyfighter is now reporting himself to the police.
At the end of October, a Danish citizen took drastic action to draw attention to some restrictive and seemingly contradictory copyright legislation. Henrik Anderson told TorrentFreak that in order to force his government’s hand on laws which allow him to copy DVDs for his own personal use, but forbid him to remove the DRM in order to do so, he decided to turn himself in.
Apple tablet rumored to be 'shockingly' inexpensive
Posted by l33tdawg on Thursday, December 03, 2009 - 12:52 AM (Reads: 188)
Source: Apple Insider
Internet and television personality Alex Albrecht claimed to have insight on the price of Apple's rumored tablet during the latest episode of Diggnation, which also featured actor John Hodgman from Apple's "Get a Mac" commercials.
During the course of episode 231 of the Internet-based show, co-host and Web entrepreneur Kevin Rose asked Hodgman, who plays the bumbling "PC" in Apple's commercials, if he has any inside information on the tablet. "I don't know anything about it," Hodgman said. "You think they'd tell me?"
Rose then turned his attention to Albrecht, and insinuated that the co-host had privately revealed supposed information on Apple's long-rumored touchscreen device. After pestering from Rose, Albrecht eventually conceded: "I was shocked at how cheap the price point is going to be." He declined to reveal anything further.
Crucial launches 4GB DDR3 modules
Posted by l33tdawg on Thursday, December 03, 2009 - 12:52 AM (Reads: 150)
Source: The Inquirer
Memory vendor Lexar Media has unveiled its biggest consumer desktop memory modules yet, the Crucial 4GB DDR3-1333MHz non-ECC UDIMM.
Compatible with the latest generation Intel Core i5 and i7 and AMD AM3 processors, the new high density chips mean that users can now bung up to 16GB of memory into a standard four slot motherboard. Of course, you'll want to be running a 64-bit OS in order to actually be able to access all of that memory.
"Computer technology is constantly evolving, so we're committed to developing and offering a wide variety of Crucial memory products for both PC and Mac system users," said Jim Jardine, senior worldwide product manager for Lexar Media.
Critical bug fixed in Thunderbird
Posted by l33tdawg on Thursday, December 03, 2009 - 12:51 AM (Reads: 176)
Source: CNet (Download)
Mozilla updated its nearly-baked Thunderbird 3 Tuesday night, fixing one critical error and addressing three others. The critical bug fix affects the Windows, Mac, and Linux versions of Thunderbird 3 Release Candidate 2. It had caused the previous version to hang on shutdown, consume too much memory, and close all IMAP connections.
The other fixes in this version enable automatic downloading of new messages by default for POP3 accounts, label the default theme as version 2.0, and fix the "download more dictionaries" option, which had been failing to open properly.
Already a year off from its original release schedule, Thunderbird 3 has also missed its most recent revised deadline, which had been planned for the end of November 2009. However, I've been using the beta and release candidate builds and have found them to be as stable as Thunderbird 2, but with far less memory hogging.
Intel to Demonstrate 48-Core Microprocessor
Posted by l33tdawg on Thursday, December 03, 2009 - 12:50 AM (Reads: 176)
Source: X-Bit Labs
Developers from Intel Corp. plan to demonstrate the world's first central processing unit with 48 cores today. The processor is experimental and belongs to Intel's Tera-Scale Computing Research program, but Intel claims that the chip has 10 to 20 times higher performance compared to existing Intel Core products.
The prototype chip contains 48 independently programmable cores, the largest number ever placed on a single piece of silicon. The microprocessor features a new high-speed core-to-core data bus, which is very much needed for multi-core microprocessors, an integrated memory controller and so on. What is interesting is that, according to the world's largest chipmaker, the prototype consumes only 25W in idle and 125W under full workload, which is in line with today's central processing units. It is unclear which process technology is used to make the new prototype chip.
Open Source digg-clone Pligg plugs security holes
Posted by l33tdawg on Thursday, December 03, 2009 - 12:48 AM (Reads: 156)
Source: Internet News
Pligg, an open source attempt at a Digg-like social networking voting site application, is being updated this week for some serious security vulnerabilities.
Unlike many other vendors and projects, which typically release an update alongside security advisories, the new Pligg 1.0.3 release ships first: the full security advisory isn't coming out until tomorrow (Dec 2), giving Pligg users (and there are a whole lot of them) a running head start on potential attacks.
Security researchers from firms big and small have been saying for the last few years that it is web applications that pose the greatest security risk to users. That's because an attacker need only take advantage of one site to infect potentially thousands of the infected site's users.
Brown's young son behind Twitter gobbledegook
Posted by l33tdawg on Thursday, December 03, 2009 - 12:47 AM (Reads: 145)
Source: BBC
Sarah Brown's Twitter followers were baffled earlier when the PM's wife "tweeted" a random set of letters.
Fellow tweeters suggested a cat might have got to the keyboard or she may have accidentally sat on her phone. But it appears one of her young sons got to the keyboard as, an hour later, Mrs Brown explained "junior tweet interference" was to blame.
Mrs Brown's "tweets" on campaigning issues and visits have proved popular, with 987,460 followers.
But on Tuesday afternoon viewers were greeted by the short message "fvdfzsrsazxzzxcvbnmadgfhjjkqwrtyuuuiop".
Hackers cash in on Chinese gaming craze
Posted by l33tdawg on Thursday, December 03, 2009 - 12:46 AM (Reads: 169)
Source: Asia One
The craze in online games among Chinese netizens is fuelling an increasingly lucrative real-world market for computer hackers, security firms have said.
"There is a huge underground market and major revenue comes from selling game accounts or virtual items stolen from hijacked computers," said Mr Zhang Yumu, vice-president of Beijing Rising International Software, one of China's largest security firms.
A report by state broadcaster CCTV said Trojan-horse attacks, which allow hackers remote access to a targeted computer system, make up a market expected to be worth 10 billion yuan (S$2 billion) this year. The report cited a hacker saying he could get hundreds of thousands of yuan every month by hacking into computers and stealing the users' personal information and game accounts.
Windows 7 10-in-1 Ultimate Steve Ballmer Signature Edition Sold on USB Flash Drives
Posted by l33tdawg on Thursday, December 03, 2009 - 12:45 AM (Reads: 202)
Source: Softpedia News
Hackers have one up on Microsoft when it comes to the distribution of the latest iteration of the Windows client. Pirated copies of Windows 7 RTM are not only available for download in the wild, from various BitTorrent trackers and warez websites, but are also sold in bootlegged DVD packages and, according to the latest reports, even pre-loaded on USB flash drives. Such is the case with Windows 7 10-in-1 Ultimate Steve Ballmer Signature Edition, obviously a counterfeit copy of Windows Vista's successor.
Chinese website Tech.163 (via WinFuture) claims that USB drives preloaded with the pirated version of Windows 7 Ultimate Steve Ballmer Signature Edition, passed off as a new but nonexistent 10-in-1 SKU, are available for sale at SEG Plaza in Shenzhen. It is clear that the packaging is a rip-off of the genuine Windows 7 RTM Ultimate Steve Ballmer Signature Edition, which Microsoft shipped for free to users that hosted launch parties for the operating system around the October 22nd General Availability date. However, the 10-in-1 reference is not associated in any way with the Redmond company's latest version of Windows.