http://conference.hackinthebox.org/hitbsecconf2010dxb/



hackinthebox
 ::  hitb portal  ::  hitb portal (SSL)  ::  hitb forum (SSL)  ::  hitb security conference  ::  hitb training ::  hitb irc  ::  hitb photos  ::  hitb videos :: 

HITB Search:
Who's Online
There are 191 unregistered users and 0 registered users on-line.

You can log-in or register for a user account here.



Main Menu

Top Stories for Today
[101] The 10 best antivirus software suites
[92] Nokia N900 Gives Up some Secrets
[88] Microsoft IE exploit code unreliable, but more coming
[87] 4 Cheap Options to Monitor Networks for Evidence
[83] Chromium OS, Moblin, Ubuntu Netbook Remix Benchmarks
[75] Five ways to lose your identity (and wallet) this holiday season
[73] China warns of a new virus
[72] Hacked climate e-mails awkward, not game changer
[71] iPhone worm hjacks ING customers
[63] Telcos to FCC: give us billions, but don't make us share lines
[63] Is federal stimulus money being used for IT hardware, not hiring?
[62] Why Filtering and Reputation Schemes Are Not Enough
[61] 'Technical issue' downs eBay search over weekend

View the Top 50 articles

Top 20 of the Last 2 Weeks

E-Zine Archive

Past Articles
Monday, November 23
·Ebay closes Skype sale (0)
·McAfee warns about '12 Scams of Christmas' (0)
·Will the 'smartbook' be a better Netbook? (0)
·Malware attackers reloading for Windows 7 assaults (0)
·5 steps to secure your data center (0)
·Internet Serves as Springboard for Attacks on US Military (0)
·Internet Explorer exploit published online (0)
·EU security agency highlights cloud computing risks (0)
·IPCC Researchers Admit Global Warming Fraud (0)
·Three Charged For Comcast Security Breach Last Year (0)
·Google OS: the end of the hard drive? (0)
·Confidential Climate Change E-mails hacked ahead of Copenhagen Meeting (0)
Friday, November 20
·An introduction to the FBI's anti-cyber crime network (0)
·Can Adobe Beat Back the Hackers? (1)
·Hack brings 10.6.2 back to Atom processors (0)
·Security-Assessment Uncovers DSL Vulnerabilities (0)
·FAA identifies computer error that caused delays (0)
·Computers get second life at BBA hardware lab (0)
·Federal officials say U.S. can stop only 4 of every 5 cyber attack (0)
·3 Basic Steps to Avoid Joining a Botnet (0)
·10 Lessons Google Must Learn About OS Security (0)
·Potential Fix for Banned Xbox 360s (0)
·Hackers to sharpen malware, malicious software in 2010 (0)
·Microsoft's Mobile OS is Losing Marketshare to Apple, RIM (0)
·Mozilla not interested in building a Firefox OS (0)
·AOL slashes staff number by a third (0)
·IT Salaries and the Law of Supply and Demand (0)
·Thierry Henry's Wikipedia page defaced (0)
·eBay Founder Starting Online News Site (0)
·How to Carry Out Successful Cloud Governance and Adoption (0)
 Older articles

Hosting Provided By

Microsoft IE exploit code unreliable, but more coming
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 88)
Source: Network World



Symantec Monday said the Internet Explorer zero-day exploit code published over the weekend does not work Symantec Monday said the Internet Explorer zero-day exploit code published over the weekend does not work reliably but that a better written version is likely on the way.

The Symantec Security Response division also said its research reveals that the exploit works on IE6 and IE7 and there is no reason yet to suspect that it works on other versions of the browser. Those two versions, however, comprise nearly 40% of the browsers in use today.

Symantec said that the affected Windows platforms running IE6 or IE7 include XP, Vista, 2000 client and server and 2003 server. Symantec is testing other versions of Windows to see if they are vulnerable when running IE6 or IE7.

[ Printer-friendly page Send this story to someone ]

Hacked climate e-mails awkward, not game changer
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 72)
Source: Reuters



Revelation of a series of embarrassing e-mails by climate scientists provides fodder for critics, but experts believe the issue will not hurt the U.S. climate bill's chance for passage or efforts to forge a global climate change deal.

Already dubbed "Climategate," e-mails stolen from a British university are sparking outrage from climate change skeptics who say they show that the scientists were colluding on suppressing data on how humans affect climate change.

The e-mails, some written as long as 13 years ago, ranged from nasty comments by global warming researchers about climate skeptics to exchanges between researchers on how to present data in charts to make global warming look convincing.

[ Printer-friendly page Send this story to someone ]

Why Filtering and Reputation Schemes Are Not Enough
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 62)
Source: Business Solutions



Web 1.0, with its static pages, provider-centric content and thou-shall-click-and-have-a-sip browsing, is so Paleozoic. In the lingo of the new web-savvy, ‘Twitter-centric' generation, Web 1.0 is "so yesterday."

Web 2.0 is a natural evolution where it is all about the user. It can be summed up as a service platform where localized, user-centric content (both tailored and contributed by the user and for the user), instant-response browsing (through client-side scripting), and simple, integrated services are all available at the user's fingertips. It does not matter where data is sourced, gathered, or aggregated as long as it is relevant and presented to the end user. Web 2.0 is a platform of collective intelligence and focuses on soliciting and providing relevant data to empower the end user. Companies that invest in Web 2.0 can bank on a greater competitive edge.

[ Printer-friendly page Send this story to someone ]

4 Cheap Options to Monitor Networks for Evidence
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 87)
Source: IDG (Norway)



Computer forensics don't have to solely focus on recovering and searching for evidence on storage devices. Although programs like Encase and FTK 3.0 are excellent tools to help find documents, photographs and other files for your investigation, they cut short on collecting network traffic your suspect sends and receives.

Viewing stored URL visits and local cache only paint a limited picture of the suspect's Internet usage and sometimes amount to the same as reading tea leaves. A document opened online, an incriminating instant message or even a VOIP call can and should be forensically captured and reviewed for your investigations.

[ Printer-friendly page Send this story to someone ]

The 10 best antivirus software suites
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 101)
Source: Tech World



Antivirus software is essential to protect your computers from security threats such as spyware and hackers. But there is a wide range of antivirus software out there, all promising to protect your computer systems at a reasonable price. If you are selecting antivirus software for your company, there are a number of questions you must address: how well the antivirus software protects your PC, how easy is it to use, and if something goes wrong will you be left out in the cold?

This review compares some of the best antitrust software products.

[ Printer-friendly page Send this story to someone ]

Nokia N900 Gives Up some Secrets
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 92)
Source: Phones Review



If you are under the impression that you know all about the Nokia N900 smartphone, you may be wrong, as according to an article over on fonehome there are several handy titbits which they have come across while handling the Nokia N900.

So here they are…apparently the Nokia N900 can make free calls via Skype on the Nokia N900 naturally and as long as the other person is also using Skype. The they found that the Maemo 5 operating system updates come via OTA so cuts out the necessity of cables.

Next the Nokia N900’s 5 megapixel camera enables the user to tweak snaps after taking them, so the user can geo-tag, crop, zoom, and clear red0eye all by one simple touch of the finger. They found that Maemo 5 is a hacker’s dream as it’s based on Linux, and thus many developers won’t struggle to adapt.

[ Printer-friendly page Send this story to someone ]

iPhone worm hjacks ING customers
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 71)
Source: The Register (UK)



The second worm to infect jailbroken iPhone users reportedly targets customers of Dutch online bank ING Direct.

Surfers visiting the site with infected devices are redirected to a phishing site designed to harvest online banking login details, the BBC reports. ING Direct told the BBC it planned to warn users' of the attack via its website, as well as briefing front line call centre staff on the threat.

Mikko Hypponen, chief research officer at F-Secure, said the threat had in any case been neutralised. "It [the worm] was targeting ING. The websites it needed for this to work have now been taken down."

[ Printer-friendly page Send this story to someone ]

Five ways to lose your identity (and wallet) this holiday season
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 75)
Source: Computer World



The holiday season is almost here, and even in a recession huge numbers of people will likely be shopping online for gifts this year.

The rush by shoppers to the Web makes the season a great time for online retailers. It's also a great time for hackers looking to steal data and money from the unwary millions expected to search for great deals online.

The growth of holiday hackers has annually prompted security analysts, identity theft awareness groups and various government agencies to come up with lists of precautions that consumers can take to avoid becoming a victim of online fraud. Such lists can prove a benefit to consumers, but unfortunately some people ignore it.

[ Printer-friendly page Send this story to someone ]

China warns of a new virus
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 73)
Source: The Inquirer



A PARTICULARLY NASTY computer virus has been discovered in China and the government there is warning that it could spread fast.

Although details of the Worm_Piloyd.B are fairly sketchy at the moment, it is unusual to get a virus warning from China before the rest of the world has caught it.

Surprisingly there have been no traditional messages of doom from the computer insecurity companies in Europe and the US, which normally are quick to play up the four horsemen of the apocalypse scenario about malware. The virus infects exe, html and asp files and if the user tries to restore the files they are blocked from doing so. Notification has come from the Tianjin-based National Computer Virus Emergency Response Centre.

[ Printer-friendly page Send this story to someone ]

Telcos to FCC: give us billions, but don't make us share lines
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 63)
Source: Arstechnica



It was a report that went right to the roots of United States broadband policy, so it should come as no surprise that it's getting hammered by the telecommunications industry.

Harvard's Berkman Center study of global broadband practices, produced at the FCC's request, is an "embarrassingly slanted econometric analysis that violates professional statistical standards and is insufficiently reliable to provide meaningful guidance," declares AT&T. The study does does nothing but promote the lead author's "own extreme views," warns a response from Verizon Wireless. Most importantly, it "should not be relied upon by the FCC in formulating a National Broadband Plan," concludes the United States Telecom Association.

Reviewing the slew of criticisms, Berkman's blog wryly notes that the report seems to have been "a mini stimulus act for telecommunications lawyers and consultants." (Interestingly, not everything the Berkman study observes is repugnant to the telcos—hint: big direct public subsidies.)

[ Printer-friendly page Send this story to someone ]

'Technical issue' downs eBay search over weekend
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 61)
Source: CNet News



eBay on Sunday confirmed that a "technical issue" had caused search queries on the auction site to be messed up over the weekend, resulting in limited or no search results. The company says that it's being cautious, though, and is holding back on some advanced search features until the issue is fully solved.

"We are happy to report that critical search functionality was restored overnight on Saturday and we are seeing normal activity levels today," a post on the company's eBay Ink blog read Sunday. "As part of our effort to restore critical search functionality as quickly as possible for sellers and for buyers, we have kept some secondary search features temporarily offline. This includes refining search by certain item specifics, such as color or clothing size, and having Store Inventory Format results included in the main search results."

[ Printer-friendly page Send this story to someone ]

Chromium OS, Moblin, Ubuntu Netbook Remix Benchmarks
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 83)
Source: Phoronix



Intel released Moblin 2.1 earlier this month, Canonical released Ubuntu Netbook Remix 9.10 late last month, and various other vendors have offered up their fall distribution refreshes too. Oh yeah, and Google just released the Chromium OS source code a few days ago! With all of the netbook-focused distribution updates, we found it time to run an onslaught of new benchmarks, comparing some of the leaders in this field along with running a couple full-blown desktop distributions for this round of Linux netbook benchmarking.

Here are our benchmarks, including the world's first look at the Chromium OS (Chrome OS) system performance from the latest development build. Covered is everything from the video playback performance to encoding to battery power consumption and CPU/memory usage tests.

[ Printer-friendly page Send this story to someone ]

Is federal stimulus money being used for IT hardware, not hiring?
Posted by l33tdawg on Tuesday, November 24, 2009 - 12:00 AM (Reads: 63)
Source: Computer World



As part of the economic recovery plan passed by Congress and signed into law earlier this year by President Obama, government agencies, private companies and non-profits are required to report the number of jobs created or saved by the stimulus package. Those job numbers are now available at Recovery.gov, and a sampling of them indicates that the money spent so far has been better for hardware than hiring.

Among the technology companies getting money from federal stimulus spending is Computer Sciences Corp. (CSC), which won two IT projects at NASA that total nearly $10 million. But no jobs are being created with that money.

[ Printer-friendly page Send this story to someone ]

XS4ALL discovers first malicious iPhone worm
Posted by l33tdawg on Monday, November 23, 2009 - 07:13 AM (Reads: 372)
Source: The Register (UK)



A Dutch internet service provider has identified a worm that installs a backdoor on jailbroken iPhones and makes them part of a botnet.

The worm, according to XS4ALL, targets jailbroken iPhones whose owners have carelessly failed to change the default password. In addition to connecting to a Lithuanian master command channel, it also changes the root password for the device, making it harder for owners trying to regain control. Infected iPhones are also tagged with a unique ID number.

"A number of customers with jailbroken phones have been found running unknown software on their phones which is trying to compromise other iPhone users at other telecommunications providers," the XS4ALL advisory stated. "XS4ALL strongly advises caution against jailbreaking if you are not fully aware of the potential risks to your privacy and security."

[ Printer-friendly page Send this story to someone ]

Intel Wants to put a Chip in Your Brain
Posted by l33tdawg on Monday, November 23, 2009 - 07:12 AM (Reads: 236)
Source: Maximum PC



Anyone who follows Intel closely knows that they don’t just pump out high end CPU’s, but they actually dedicate entire teams to “pie in the sky” ideas of what future technologies might look like. This could be anything from an x86 cluster of CPU’s to render video, or in this case, using your brain to control a computer. It may sound farfetched, but its something Intel and its researchers have been actively studying for sometime now.

Currently scientists are focusing on how the brain reacts when interacting with a computer, and then learning ways to interpret this data to execute commands on the machine. The idea here is to allow your thoughts to take over for your mouse and keyboard. Intel is of the belief that an implant would make this easier, though I’m not entirely sure how many volunteers they are going to get with that idea. “Eventually people may be willing to be more committed… to brain implants" said Intel’s Vice-President of future Technology, Andrew Chien. "Imagine being able to surf the Web with the power of your thoughts”

[ Printer-friendly page Send this story to someone ]

New Bios attack renders anti-virus useless
Posted by l33tdawg on Monday, November 23, 2009 - 07:12 AM (Reads: 1337)
Source: v3.co.uk



A new form of attack that installs a rootkit directly onto a computer's Bios system would render anti-virus software useless, researchers have warned.

Alfredo Ortego and Anibal Sacco of Core Security Technologies explained that the attack is possible against almost all types of common Bios systems in use today. The researchers devised a 100-line Python script that could be flashed onto the Bios to install a rootkit. Because the Bios software activates before any other program on a computer when it starts up, normal anti-virus software would be unable to detect it.

"We tested the system on the most common types of Bios," said Ortega. "There is the possibility that newer types of Extensible Firmware Interface Bios may be resistant to the attack, but more testing is needed."

[ Printer-friendly page Send this story to someone ]

Verified by Visa phishing attack spotted
Posted by l33tdawg on Monday, November 23, 2009 - 07:10 AM (Reads: 229)
Source: PC Authority (Australia)



Security experts warned today that the Verified by Visa online authentication scheme has become the latest lure used by phishers hoping to harvest personal information from unsuspecting shoppers.. The scam begins with users being sent an email inviting them to join the scheme, but clicking on the link takes them to a fake site (see screenshot below).

Andrew Brandt, a malware researcher at Webroot, explained in a blog post that the site then requests "all the information you gave the card-issuing bank at the time you first signed up for the credit card".

"That's Red Flag number one, but it's worth repeating. In a real sign-up form for Verified by Visa, you won't be asked to provide your mother's maiden name, social security number, birth date, or any other sensitive details that you wouldn't otherwise enter into a web-based order form while shopping online," he said.

[ Printer-friendly page Send this story to someone ]

Apple's Schiller Defends iPhone App Approval Process
Posted by l33tdawg on Monday, November 23, 2009 - 07:08 AM (Reads: 172)
Source: Business Week



Apple (AAPL) is under fire from some developers for the way it vets applications that can be sold on its online App Store. Facebook developer Joe Hewitt goes so far as to say he's "philosophically opposed" to the very notion of a company deciding which applications can and can't be used on its hardware. The presence of "gatekeepers" in software development "sets a horrible precedent," he says.

But in his first extensive interview on the subject, Phil Schiller, Apple's senior vice-president for worldwide product marketing, outlines the many reasons Apple keeps close tabs on which applications can be downloaded onto the iPhone and iPod Touch. He also outlined ways the company is trying to become more flexible in its approval process. "We've built a store for the most part that people can trust," he says. "You and your family and friends can download applications from the store, and for the most part they do what you'd expect, and they get onto your phone, and you get billed appropriately, and it all just works."

[ Printer-friendly page Send this story to someone ]

Japanese get storming fast 1Gbit/s internet
Posted by l33tdawg on Monday, November 23, 2009 - 07:07 AM (Reads: 212)
Source: Tech Radar



After so many reports about how slow UK broadband really is, this is kinda like rubbing salt into the wound, but we really do need to tell you that Japanese homes are about to get hooked up to 1Gbit/s fibre internet connections from next month.

The first gigabit-class FTTH service in the world will kick off on 1 October and is being offered by telco KDDI. Moreover, the company, which also owns number-two wireless carrier, au, isn't even charging that much for it.

[ Printer-friendly page Send this story to someone ]

Smoking may void Applecare warranty due to "health hazard"
Posted by l33tdawg on Monday, November 23, 2009 - 06:56 AM (Reads: 188)
Source: Apple Insider



Apple owners claim that their Applecare warranties have been refused due to "health risks of second hand smoke."

The Consumerist has reported that two separate readers have sent in accounts of being refused computer repair service due to the presence of damage related to smoking. The readers were reportedly told that computers with evidence of smoke damage could not be worked on because Apple considers them to be health hazards, and to have workers repair the computer would be an OSHA violation.

Employees at one Apple store reportedly told a customer that her computer was "beyond economical repair due to tar from cigarette smoke."

[ Printer-friendly page Send this story to someone ]

Login
 



 


 Log in Problems?
 New User? Sign Up!

Last 15 Postings to HITB Forum

Packet Storm Security Latest
· Bkis-13-2009.txt
e107 versions 0.7.16 and below suffer from cross site scripting and SQL injection vulnerabilities.
· krweb-rfi.txt
KR-Web versions 1.1b2 and below suffer from a remote file inclusion vulnerability.
· nukehall-rfi.txt
NukeHall versions 0.3 and below suffer from multiple remote file inclusion vulnerabilities.
· CORE-2009-0910.txt
Core Security Technologies Advisory - Autodesk Maya Script Nodes suffers from an arbitrary command execution vulnerability.
· CORE-2009-0909.txt
Core Security Technologies Advisory - Autodesk 3DS Max Application Callbacks suffers from an arbitrary command execution vulnerability.
· CORE-2009-0908.txt
Core Security Technologies Advisory - Autodesk SoftImage Scene TOC suffers from an arbitrary command execution vulnerability.
· styledll-mitigate.txt
This code is for a DLL that loads into Internet Explorer as a BHO and modifies MSHTML.DLL in memory to mitigate attempts by the getElementsByTagName Body Style vulnerability.
· iestyle-0day.txt
Microsoft Internet Explorer version 6 and 7 STYLE code execution exploit.

Topics
· All topics
· AMD News (Nov 13, 2009)
· Apple News (Nov 24, 2009)
· Articles (Mar 03, 2009)
· Ask Us (Feb 01, 2003)
· Audio/Video (Nov 19, 2009)
· Encryption (Nov 17, 2009)
· Games (Nov 13, 2009)
· Hardware (Nov 23, 2009)
· HITB News (Nov 04, 2009)
· Industry News (Nov 24, 2009)
· Intel News (Nov 23, 2009)
· Law and Order (Nov 23, 2009)
· Linux (Oct 30, 2009)
· Microsoft (Nov 20, 2009)
· Networking (Nov 23, 2009)
· PDAs (Feb 09, 2007)
· Privacy (Nov 24, 2009)
· Red Hat (Nov 18, 2009)
· Science (Nov 19, 2009)
· Security (Nov 24, 2009)
· Software & Programming (Nov 24, 2009)
· Spam (Nov 16, 2009)
· Technology (Nov 24, 2009)
· Transmeta (Jul 07, 2007)
· Viruses & Malware (Nov 24, 2009)
· Wireless (Oct 30, 2009)

Follow us
Join our Facebook Group

Follow us on Twitter

Follow our RSS feed


HITB Affiliates

Page created in 1.00305199623 seconds.
Page created in 1.00307512283 seconds.
Page created in 1.00309514999 seconds.