Top 20 of the Last 2 Weeks
Unu hits Kaspersky a second time with SQL injection
Posted by l33tdawg on Friday, December 11, 2009 - 04:05 AM (Reads: 397)
Source: The Tech Herald
Unu, who has gained a good deal of attention lately, is known for his vulnerability disclosures that center on SQL Injection. In his latest adventures, he returns to a vendor he has targeted in the past, security software specialist Kaspersky.
In February, Unu went public on HackersBlog and disclosed the SQL Injection flaws he had discovered on Kaspersky’s USA portal. The flaws, which led to complete access to users, activation codes, lists of bugs, admins, shopping, etc., were quickly patched, and Kaspersky was quick to point out that, “despite their attempts, the hackers were unable to gain access to restricted information stored on the website. Claims by the hackers responsible for the attack that they had managed to gain access to user data are untrue.”
In response to those claims, we interviewed Unu shortly after Kaspersky issued them.
Hackers put the shine on Chrome OS
Posted by l33tdawg on Friday, December 11, 2009 - 04:02 AM (Reads: 309)
Source: India Times
Less than two weeks ago, the source code for Google’s Chrome OS was released on November 19, 2009 under open source licensing as Chromium OS. It took less than a day for the first hacked Chrome OS developer build to go live on the Internet. Very soon it was torrented and hosted, courtesy of a geek celeb who goes by the name of Hexxeh.
The first build required 4GB, but a new and vastly improved ‘diet build’ is now available as a 300MB direct download, it extracts to a 950MB image that can run off a USB stick.
The OS is also available as a torrent on PirateBay, and lots of other trackers. What’s more, support is vastly improved in the newer builds. The minimalist OS can do nothing other than browse the Internet, eliciting snide remarks from a Linux fanbase. “Basically you get a Linux OS that can do nothing but look at Web pages.” But that misses the point.
XBMC grows up: D-Link unveils killer Boxee box
Posted by l33tdawg on Friday, December 11, 2009 - 04:00 AM (Reads: 288)
Source: APC Mag
Boxee, a long-developing media centre platform known amongst media centre hackers for its ability to run on Apple's Apple TV media player as well as Windows, Mac, and Linux computers, has hit the big time after securing a product deal with home networking bigshot D-Link.
The seemingly redundantly-named 'Boxee Box', due in the first half of 2010, will be made by D-Link and feature a hardware-based implementation of Boxee, which recently progressed from alpha to beta release and will, based on D-Link's stated release schedule, reach the 1.0 stage early next year.
Top 15 most common attacks in IT security
Posted by l33tdawg on Friday, December 11, 2009 - 03:59 AM (Reads: 407)
Source: SC Magazine (UK)
The 15 most common attacks in 2009 have been detailed by Verizon Business.
In its 'An Anatomy of a Data Breach' report, its authors have tapped the company's detailed investigative records to identify, rank and profile the most common attacks. In total, the report details nearly 150 ways to detect and combat security threats.
It listed the top five most common security attacks as: keylogging and spyware; backdoor or command/control; SQL injection; abuse of system access/privileges; and unauthorised access via default credentials.
10 Email Security Lessons To Be Learned From Climategate
Posted by l33tdawg on Friday, December 11, 2009 - 03:59 AM (Reads: 253)
Source: eWeek (Europe)
As the United Nations’ Climate Change Conference, or COP 15, in Copenhagen, Denmark, gets under way this week, the summit has been muddied a bit by the details found in scientists' stolen emails. The emails contain information that has given those who believe global warming concerns are overblown a new lease on life. They are now supporting their opinions with those details. And all the while, the heated debate over global warming is becoming even more divided.
But there are valuable lessons to be learned from the stolen emails. No, this won't be a discussion on global warming or climate change – that’s a debate for another day in another place. It will be a discussion on what can be learned from this incident to ensure that employees or consumers with sensitive information in their email won't fall victim to those planning to steal information.
That said, it's important to note that no security plan will be absolutely effective. Sometimes, data is stolen. But the fact that scientists themselves didn't have proper security conditions in place to safeguard their email points to a dangerous trend: We just don't secure our email as well as we should. So let's take a look at some of the lessons learned from the stolen data and how we can protect our own email going forward.
Will the Earth expire by 2050?
Posted by l33tdawg on Friday, December 11, 2009 - 03:58 AM (Reads: 228)
Source: The Daily Star
The World Wildlife Fund claims that the Earth will become uninhabitable by 2050. Our planet has been badly abused, and it has been dying a slow death. The Earth will face extinction in roughly forty years, sooner than a child born today will reach a midlife crisis.
So, the news is bleak for those who are working hard to build the future of their children, and for all those ambitious people who have grandiose plans for their future. Why bother about interior decoration if the house is burning? There may not be any future left in the future. The Earth is dying.
Signs are there in escalating global warming. There has been a drastic reduction in rainfall. Rivers are shrinking. Satellite photos show Greenland ice sheets in full-fledged meltdown. A large portion of Bangladesh is likely to go under water. In the US, much of Manhattan and the eastern shore of Maryland could be washed into the Atlantic Ocean. Pacific island nations will be blotted out. Hurricanes will ravage the Earth. Rising sea levels and severe droughts will destroy crops. Widespread famine will wreak havoc with starvation and death.
HP patches OpenView vulnerabilities
Posted by l33tdawg on Friday, December 11, 2009 - 03:57 AM (Reads: 159)
Source: IT World (Canada)
Hewlett-Packard Co. has issued a number of patches for a component in its OpenView software package. The company advises administrators to apply the patches immediately, given the severity of the vulnerabilities. The HP OpenView Network Node Manager (OV NNM) has 12 buffer overflow vulnerabilities that an attacker could exploit to execute arbitrary code and even gain system control.
"The technical characteristics of these vulnerabilities (simple overflows with attacker controlled data) make them prime targets for exploitation," said Aaron Portnoy, a researcher at the network security firm TippingPoint who found some of the vulnerabilities. TippingPoint is a division of 3Com. HP announced plans to acquire 3Com last month.
Only OV NNM versions 7.01, 7.51 and 7.53 that run on HP-UX, Linux, Solaris or Microsoft Windows are vulnerable. The company has issued a patch for version 7.53 of the software. Users of the older affected versions of the software are encouraged to upgrade to 7.53 and apply the patch.
Data Nerds Hack NASA (In a Good Way)
Posted by l33tdawg on Friday, December 11, 2009 - 03:54 AM (Reads: 186)
Source: Wired
A bunch of data nerds from inside and outside NASA will gather at a house in Cupertino, California called the Rainbow Mansion this Saturday to hack through the agency’s data jungles.
The event isn’t NASA-sponsored. None of the bureaucracy is involved at all. Instead, the event is being coordinated by a small group of people who just love the space program and want to help open up the agency’s troves of information.
“If we can build cool prototypes and demos and proofs-of-concept, other people will see that it’s not that hard,” said the event’s co-host Jessy Cowan-Sharp, a NASA contractor and proprietor of OpenNASA.com. “Maybe then it will be adopted inside NASA.”
Facebook users unwittingly spread Koobface worm
Posted by l33tdawg on Friday, December 11, 2009 - 03:54 AM (Reads: 215)
Source: USA Today
Facebook users are being targeted by a nasty new version of the Koobface worm -- dubbed Koobface.GK -- that compels its victims to manually participate in creating a new Facebook account to help spread the worm.
The attackers are posting malicious links on Facebook wall pages enticing folks to click on a cutesy Christmas video. Attempts to play the video turn over control of the PC to the attacker, says PandaLabs researcher Sean-Paul Correll. The victim next sees a Windows warning message requiring them to solve a CAPTCHA puzzle within three minutes.
A timer ticks down. If the puzzle goes unsolved after three minutes, the PC freezes up. Rebooting won't help. The CAPTCHA puzzle will reappear. The only way to end the loop is to solve the CAPTCHA. The victim can then use his or her machine as normal. But the attacker still has control.
Symantec CEO: We don’t employ hackers
Posted by l33tdawg on Friday, December 11, 2009 - 03:53 AM (Reads: 208)
Source: Computer World
Ethical hacking has a definite role to play in keeping businesses secure, according to the Symantec’s CEO Enrique Salem, but the company will not hire known hackers to carry out the service.
Responding to Computerworld questions at a media conference in Sydney, Salem said the issue of hackers playing both ethical ‘white hat’ roles as well as criminal ‘black hat’ roles to become effectively ‘grey hats’ was an issue in the security industry.
“You always worry about [grey hats]. Symantec has a standing policy that we don’t hire anyone to be a part of our company who has done any kind of known hacking,” he said. “We will not employ hackers.” Despite the policy of not employing active hackers, the company still had strong internal resources to keep up with new threats developed by black hats, Salem said.
Chinese surfers in download rush before Bit Torrent sites close
Posted by l33tdawg on Friday, December 11, 2009 - 03:47 AM (Reads: 158)
Source: Sina.com
Beijing Internet users are scrambling for downloads from BitTorrent (BT) websites following speculation that authorities will shut them down as early as this week.
"My roommates were shocked to hear VeryCD is going down," Huang Shan, a 20-year-old college student told China Daily in reference to a major BT website. "I may never be able to download Hollywood movies or classical records again."
VeryCD went offline yesterday afternoon due to a technical failure, Dai Yunjie, co-founder of the website, posted on Sina.com, and a notice that appeared yesterday evening on the website's log-on page read that service may resume Thursday noon. Internet experts told China Daily the failure might have been caused by an overload of users seeking last-minute free downloads.
Apple's universal iPhone, iPod dock concept detailed in filing
Posted by l33tdawg on Friday, December 11, 2009 - 03:46 AM (Reads: 200)
Source: Apple Insider
Apple may be developing a universal dock which can conform to the shape of the object being charged, thus eliminating the need for separate chargers and adaptors when switching between products.
A universal dock for the iPod/iPhone was revealed in a patent application published Thursday. The dock's main feature is its ability to change forms to accommodate a variety of devices using an elastic, sponge-like substance that conforms to the shape of the device being charged.
The sponge-like substance would be able to retain its shape between uses or could be reset using a button placed on the front of the dock for use with a different device. This would eliminate the current problem of differing generations of iPods/iPhones needing adapters to fit into certain docks and chargers.
Malaysia’s MOL Global buys Friendster
Posted by l33tdawg on Friday, December 11, 2009 - 12:05 AM (Reads: 224)
Source: FT.com
Friendster, the site that pioneered social networking early in the decade, is being acquired by a Malaysian online payments provider, bringing to an end one of the stranger dotcom sagas.
While its star has faded in the US and Europe, Friendster is popular in south-east Asia. MOL Global said it hoped to pair its retail partners and payment platform with Friendster’s large regional network to create a content, distribution and commerce network. Terms of the deal were not released, but MOL is expected to pay at least $100m for the site.
California-based Friendster, founded in 2001, popularised social networking in the US. For a time it was among the hottest groups in Silicon Valley, attracting venture capitalists such as John Doerr to its board. But it struggled to win mainstream adoption. Outages plagued the site, which was often slow.
Hackers find a home in Amazon's EC2 cloud
Posted by l33tdawg on Friday, December 11, 2009 - 12:00 AM (Reads: 204)
Source: Computer World
Security researchers have spotted the Zeus botnet running an unauthorized command and control center on Amazon's EC2 cloud computing infrastructure.
This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity, according to Don DeBolt, director of threat research with HCL Technologies, a contractor that does security research for CA. The hackers didn't do this with Amazon's permission, however. They got onto Amazon's infrastructure by first hacking into a Web site that was hosted on Amazon's servers and then secretly installing their command and control infrastructure.
DeBolt declined to say whose Web site was hacked to get onto Amazon's cloud, but the Zeus software has now been removed, he said. Zeus is a password-stealing botnet. Variants of this malware have been linked to more than US$100 million in bank fraud in the past year.
IT careers: Retire? How about never?
Posted by l33tdawg on Friday, December 11, 2009 - 12:00 AM (Reads: 202)
Source: Computer World
For as long as he could remember, Ben Richardson had big plans for an early retirement.
Passionate about computers, but anxious to leave the confines of a desk job, Richardson, a technical adviser in database services for CVS/Caremark, had prepped for a host of post-tech alternatives even as he met the demands of his IT career.
He took classes and labored on business plans, dreaming of the time when he would be able to retire from IT and pursue his love of what he calls "blue-collar hobbies." He thought he might teach school, start an HVAC business or even get into general contracting and welding. "I wanted to spend more time outside and get healthy," Richardson explains. "Sitting in a chair for 30 years takes its toll."
Oracle Defends Planned Sun Deal at EC Hearing
Posted by l33tdawg on Friday, December 11, 2009 - 12:00 AM (Reads: 162)
Source: Yahoo! News
Oracle is expected to portray its planned acquisition of Sun Microsystems, and more specifically of Sun's MySQL unit, as a pro-competitive move necessary to balance the might of Microsoft in the low-end database market during a two-day hearing in Brussels that opened Thursday.
The hearing is being hosted by Europe's top antitrust authority, the European Commission, which last month declared its opposition to the deal on grounds that it would cause a serious reduction of competition in the market for computer databases.
Oracle and the Commission appeared to have reached an impasse concerning MySQL ahead of the hearing. However, competition commissioner Neelie Kroes on Wednesday expressed optimism about brokering an agreement that will not harm competition.
Storing Your Data on the Internet: Ignorant and Silly
Posted by l33tdawg on Friday, December 11, 2009 - 12:00 AM (Reads: 204)
Source: OS News
Now that everything is moving to the cloud internet, you might think that data loss is a thing of the past. Sadly, as the past few months have taught us, this actually isn't true; we first had the Microsoft/Danger disaster, and now we have Palm and Sprint facing a class-action lawsuit over data loss for webOS phones. All this raises the question: how safe is it to store your precious data on the internet, and do you really trust the internet?
In the Microsoft/Danger disaster, it turned out to be not as bad as everyone (including the involved parties themselves) had thought; Microsoft was still able to recover the lost data, meaning that users still got their stuff back. Still, I'm sure Sidekick owners were less than pleased.
Electromagnetic Fields as Cutting Tools
Posted by l33tdawg on Friday, December 11, 2009 - 12:00 AM (Reads: 171)
Source: Science Daily
Squealing tires and the crunch of impact -- when an accident occurs, the steel sheets that form a motor vehicle's bodywork must provide adequate impact protection and shield its passengers to the greatest extent possible. But the strength of the steels that are used throws up its own challenges, for example when automobile manufacturers have to punch holes in them for cable routing.
Struggling to pierce the hard steel, mechanical cutting tools rapidly wear out. And because they also leave some unwanted material on the underside of the steel (burr, as the experts call it), additional time has to be spent on a finishing process. One possible alternative is to use lasers as cutters, but they require a great deal of energy, which makes the entire process time-consuming and costly.
Microsoft finally open sources Windows 7 tool
Posted by l33tdawg on Friday, December 11, 2009 - 12:00 AM (Reads: 196)
Source: Arstechnica
Microsoft has open sourced the Windows 7 USB/DVD Download Tool (WUDT) by releasing it under the GPLv2 license. The code is now available on CodePlex, Microsoft's Open Source software project hosting repository, over at wudt.codeplex.com. The actual installer for the tool is now again available for download at the Microsoft Store (2.59MB).
If you've got a good memory, the size might surprise you as the closed source version of the tool was only 946KB (we kept the old installer for the sake of comparison). When we compared the two tools side-by-side, the only difference we noticed was that the "Terms of use" link is no longer present in the GUI (we didn't really expect to see much more, as the size difference is really due to the included source code). Microsoft explains that while the user experience of the tool has not changed, the install involves additional steps.
Heartland data breach lawsuit dismissed
Posted by l33tdawg on Friday, December 11, 2009 - 12:00 AM (Reads: 145)
Source: CNet News
A lawsuit filed against Heartland Payment Systems over what is believed to be the biggest data breach in U.S. history has been dismissed.
The lawsuit was filed in January against Heartland by shareholders who alleged that Heartland failed to adequately safeguard the compromised consumer data and did not notify consumers about the breach in a timely manner as required by law.
The U.S. District Court for the District of New Jersey granted Heartland's motion to dismiss the lawsuit on Monday, Heartland said in a statement on Wednesday. The court said the plaintiffs had not proved their allegations that Heartland executives knew the company had inadequate security and misled the public about it, according to a report on Storefront Talkback.
Packet Storm Security Latest
· mobiusft-0.5.tar.gz: Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
· sam_web_edition_0_6_0.tar.gz: SAM is a real-time Snort alert monitor. SAM provides many ways to indicate that you may be experiencing an intrusion attempt on your network, including audio/visual warnings, email warnings, etc. SAM is written in Java for maximum portability.
· USN-870-1.txt: Ubuntu Security Notice 870-1 - Steffen Joeris discovered that PyGreSQL 3.8 did not use PostgreSQL's safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL's escaping functions are vulnerable to SQL injection when processing certain multi-byte character sequences. Because the safe functions require a database connection, to maintain backwards compatibility, pg.escape_string() and pg.escape_bytea() are still available, but applications will have to be adjusted to use the new pyobj.escape_string() and pyobj.escape_bytea() functions. For example, code containing:
    import pg
    connection = pg.connect(...)
    escaped = pg.escape_string(untrusted_input)
should be adjusted to use:
    import pg
    connection = pg.connect(...)
    escaped = connection.escape_string(untrusted_input)
· zeejob-xss.txt: ZeeJobSite version .3x suffers from a cross site scripting vulnerability.
· MDVSA-2009-330.txt: Mandriva Linux Security Advisory 2009-330 - Multiple vulnerabilities have been found and corrected in kdelibs. This update provides a solution to these vulnerabilities.
· MDVSA-2009-331.txt: Mandriva Linux Security Advisory 2009-331 - Multiple vulnerabilities have been found and corrected in kdegraphics.
· netflow-dos.txt: NetFlow Analyzer 7 Professional Plus suffers from a remote looping denial of service vulnerability.
· cybsec-sapstartsrv.txt: All SAP platforms running sapstartsrv suffer from a denial of service vulnerability.