<?xml version="1.0" encoding="ISO-8859-1"?>

<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel>
<title>Hack In The Box</title>
<pubDate>Fri, 09 May 2008 01:43:59 +0000</pubDate>
<link>http://www.hackinthebox.org/</link>
<description>Hack In The Box Backend</description>
<language>en-us</language>
<image>
 <title>Hack In The Box</title>
 <url>http://www.hackinthebox.org/images/hitb.gif</url>
 <link>http://www.hackinthebox.org/</link>
</image>
<webMaster>l33tdaw&#103;&#064;&#104;ackinthebox.org</webMaster>
<item>
<title>Microsoft shares more IE8 security details</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26595</link>
<description>When Microsoft officials released a first test build of Internet Explorer (IE) 8 back in March, they said they were intentionally refraining from talking specifics about new security features and functionality that would be part of the next browser release.

In the past few weeks, however, Microsoft has started providing more IE 8 security information via postings to the IE Blog.

This week, Internet Explorer Program Manager Matthew David Crowley blogged about the changes Microsoft is making around ActiveX controls with the next release of its browser. Specifically, IE 8 running on Vista will allow “standard” users to install ActiveX controls in their own user profile without requiring administrative privileges.</description>
<pubDate>Fri, 09 May 2008 01:43:59 +0000</pubDate>
</item>
<item>
<title>How to Regain Access to Your Admin Account in Vista using System Restore</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26594</link>
<description>Probably one of the most frustrating things that can happen to you in Windows is not being able to logon to your user account because you changed the password and then forgot it or because you accidentally deleted the account. If you don't know the password for any other Administrator account, you have a big problem!

Most people immediately begin searching for a way to crack the Administrator account password using some free tools or hacks off forums. However, it's nearly impossible to crack a password on Windows Vista with the high level of encryption.

Yet there is a way to get back into an account without having to crack the password. It's by using the System Restore feature built into Windows. </description>
<pubDate>Fri, 09 May 2008 01:43:19 +0000</pubDate>
</item>
<item>
<title>China refuses to guarantee open Internet during Olympics</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26593</link>
<description>China is refusing to guarantee that it won't censor the Internet during this summer's Olympic Games, but insists that the international media will still be able to function normally. Officials from China's Technology Ministry took a somewhat odd opportunity to speak about its censorship plans during a press conference after the Olympic torch relay crossed Mount Everest. They said that while the government would be able to &quot;guarantee as much [access] as possible,&quot; there's no way that China would turn off the Great Firewall entirely during the Games.

&quot;China has always been very cautious when it comes to the Internet,&quot; Technology Minister Wan Gang said, according to Reuters. &quot;I've not got any clear information about which sites will be shut or screened. But to protect the youth there are controls on some unhealthy web sites.&quot;</description>
<pubDate>Fri, 09 May 2008 01:42:20 +0000</pubDate>
</item>
<item>
<title>HSBC loses server stuffed with customer records</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26592</link>
<description>HSBC BANK HAS lost a server from a branch in Hong Kong that contained the records of 159,000 customers.

It is almost exactly a month since the bank lost a computer disc with the details of 370,000 UK life assurance customers.

The bank admitted today that it lost a server last month, said the Chinese Xinhua news wire.</description>
<pubDate>Fri, 09 May 2008 01:41:36 +0000</pubDate>
</item>
<item>
<title>Windows Vista More Vulnerable To Malware Than Windows 2000</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26591</link>
<description>Microsoft (NSDQ: MSFT)'s Vista operating system is more susceptible to malware than Windows 2000, and though it's 37% more secure than Windows XP, it's still too vulnerable.

&quot;Ironically, the new operating system has been hailed by Microsoft as the most secure version of Windows to date,&quot; said Simon Clausen, CEO of PC Tools, in a statement. &quot;However, recent research conducted with statistics from over 1.4 million computers within the ThreatFire community has shown that Windows Vista is more susceptible to malware than the eight year old Windows 2000 operating system, and only 37% more secure than Windows XP.&quot;</description>
<pubDate>Fri, 09 May 2008 01:40:36 +0000</pubDate>
</item>
<item>
<title>Windows XP SP3 Sows Havoc, Users Complain</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26590</link>
<description>Within hours of its release, Microsoft (NSDQ: MSFT)'s Service Pack 3 for Windows XP began drawing hundreds of complaints from users who claim the update is wreaking havoc on their PCs.

The problems with XP SP3, according to posters on Microsoft's Windows XP message board, range from spontaneous reboots to outright system crashes. &quot;My external disks are having trouble starting up, which results in Windows not starting up,&quot; complained user Michael Faklis, in a post Wednesday. &quot;After three attempts [to install XP SP3] with different configurations each time, System Restore was the only way to get me out of deep s**t,&quot; said 'Doug W'. </description>
<pubDate>Fri, 09 May 2008 01:33:18 +0000</pubDate>
</item>
<item>
<title>Belgium accuses China of cyber-attacks</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26589</link>
<description>It’s not just the US and UK who are crying foul over China's behaviour in cyberspace - now the government of tiny Belgium has accused hackers from the country of targeting its systems.

Justice minister Jo Vandeurzen is reported to have claimed that the Federal Government had been targeted by Chinese hackers, backing up a separate statement by Belgium's foreign affairs minister, Karel De Gucht, that his ministry had been hit by espionage in recent weeks.

In both cases, the Belgians appear certain that the culprits were Chinese and that the Beijing authorities must know something about events, although no evidence has been offered to back up these allegations. The precise nature of the attacks has not been explained either.</description>
<pubDate>Fri, 09 May 2008 01:30:15 +0000</pubDate>
</item>
<item>
<title>Hollywood wants $15 million from Pirate Bay</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26588</link>
<description>Hollywood wants SEK93 million (US$15.4 million) in damages for copyright infringement from the people behind The Pirate Bay, according to a claim filed by industry organization the Motion Picture Association this week.

Pirate Bay is one of the most widely used BitTorrent trackers for music, movies and software, and a constant target for copyright enforcers, and occasionally even hackers.

Previously the recording industry, computer game developers and local movie companies, have specified damages totaling SEK22 million. </description>
<pubDate>Fri, 09 May 2008 01:29:34 +0000</pubDate>
</item>
<item>
<title>DARPA Plans Cyberwar 'Matrix'</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26587</link>
<description>Police officers practice their firearm skills on a shooting range, so why shouldn't government computer security experts have the same kind of training ground?

The Defense Advanced Research Projects Agency, or Darpa, on Monday issued a call for research proposals to develop the National Cyber Range, or NCR (NYSE: NCR), a virtual network environment for cyberwar simulation. 

In other words, Darpa wants to build something along the lines of The Matrix, Star Trek's holodeck, or a Snow Crash-style Metaverse to test cyberwar strategies and drill cyberwarriors. That's not to say Darpa is aiming for a visually immersive world to entertain people; rather, it wants a place to pit hackers against simulated machines.</description>
<pubDate>Fri, 09 May 2008 01:24:55 +0000</pubDate>
</item>
<item>
<title>Yahoo Adds Security Warnings To Search Results</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26586</link>
<description>Yahoo is to follow Google's lead in highlighting potential security risks in sites which show up in its search results.

There are several differences between the two systems. Google highlights the most serious cases -- sites which exploit flaws in browser software and automatically download viruses -- with a warning. In Yahoo's case, the sites will automatically be deleted from the list of results.</description>
<pubDate>Fri, 09 May 2008 01:24:02 +0000</pubDate>
</item>
<item>
<title>UK company encrypts mobile calls</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26585</link>
<description>A British start-up company has developed an encryption technology to prevent people listening in on mobile phone calls.

While voice encryption technology is already available from companies such as General Dynamics, Cellcrypt is hoping to carve a niche for itself by bringing the price down.

&quot;The traditional markets for these sorts of security tools were senior managers of companies and those in Government. But we're trying to tap into the larger enterprise market by bringing the price point down,&quot; says a Cellcrypt spokesperson. </description>
<pubDate>Thu, 08 May 2008 01:56:22 +0000</pubDate>
</item>
<item>
<title>Korean Auction Identity Thieves Nabbed</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26584</link>
<description>Police have arrested two Koreans and a Chinese man on suspicion of being part of a group of hackers who pilfered the personal information of some 10.81 million users of Auction, Korea’s largest e-marketplace, in early February. Chinese police are in pursuit of the main body of the group, one Chinese hacker and the Korean leader. The Cyber Terror Response Center of the National Police Agency on Wednesday said three of five people who hacked Auction -- a 46-year-old Korean identified as Yeo, a 33-year-old Korean named Kim, and a Chinese man named Wi -- were arrested by Chinese police in Shandong Province, China in late March. The Chinese man who actually did the hacking and the Korean chief who coordinated the scheme have not yet been caught.</description>
<pubDate>Thu, 08 May 2008 01:53:08 +0000</pubDate>
</item>
<item>
<title>Demand for IT staff slows dramatically</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26583</link>
<description>The latest indicators suggest there has been a massive slowdown in the number of companies looking for IT staff.

According to figures from market watcher NTC Economics, the increasing demand for IT staff slowed dramatically in the first four months of 2008.

NTC tracks the number of temporary and permanent jobs placed with recruitment agencies each month. In April 2007, those agencies were reporting huge increases in the number of IT and computing positions being placed with them. By April 2008, demand had slowed markedly, according to NTC.</description>
<pubDate>Thu, 08 May 2008 01:52:13 +0000</pubDate>
</item>
<item>
<title>Microsoft is probing Facebook's merger interest</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26582</link>
<description>Among the many choices on Microsoft's table after the Yahoo deal fell apart, you have to admit that a wholesale buyout of social networking phenom Facebook would make some of the biggest waves.

A tech industry blog published by Wall Street Journal reported this morning that Redmond's bankers had contacted Facebook leaders to &quot;gauge their interest&quot; in a buyout. Microsoft already holds a 1.6 percent stake in the social portal thanks to a $240 million investment last year, a ratio that would suggest a final price tag in the $15 billion range.

Facebook has remained standoffish to such advances, and even the Journal sources who talked to the company think it will stay independent and eventually go public on its own. </description>
<pubDate>Thu, 08 May 2008 01:51:28 +0000</pubDate>
</item>
<item>
<title>Free Mac OS X virtualiser released</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26581</link>
<description>Germany's Innotek has released the final version of its VirtualBox for Apple's operating system. Since Sun Microsystems took over the German firm at the end of February, the software has been renamed &quot;Sun xVM VirtualBox&quot;. It allows 32 and 64-bit operating systems to be used within a virtual machine (VM). VirtualBox can assign a maximum of 300 MB to a VM running on Mac OS X.

One special feature of the free-to-download VirtualBox is the integrated VRDP Server, which provides access to a VM's screen via the network. You can even connect USB devices hooked up to a computer in your local network with a VM running on a different computer.</description>
<pubDate>Thu, 08 May 2008 01:50:34 +0000</pubDate>
</item>
<item>
<title>Firefox Infects Vietnamese Users With Trojan Code</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26580</link>
<description>Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.

Starting in mid-February, Vietnamese users of Mozilla's open source Firefox browser were at risk of infection from malicious Trojan Horse code seemingly accidentally embedded in a language pack available on its Add-ons site.

The virus's signature was unknown at the time, and thus passed Mozilla's testing of add-ons.</description>
<pubDate>Thu, 08 May 2008 01:49:40 +0000</pubDate>
</item>
<item>
<title>Vulnerability auction site WSLabi still going strong</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26579</link>
<description>Despite mixed reactions from the security and software industry, the WabiSabiLabi software vulnerability auction site is doing well.

This is according to strategic director Roberto Preatoni, speaking at ITWeb Security Summit 2008, in Midrand, today.

Since its inception in July 2007, the site has amassed 1 500 subscribers. Security researchers have submitted more than 230 software vulnerabilities. “Software is sold vulnerable and these vulnerabilities have a value, so why not create an open marketplace in which to sell them?” asked Preatoni.

Software is sold with stringent licence agreements that no other industry would dare attach to a product or service, he noted. “Software is sold with no reverse engineering capabilities and the vendor is so protected by law. How do we know what is concealed in there?”</description>
<pubDate>Thu, 08 May 2008 00:58:08 +0000</pubDate>
</item>
<item>
<title>id Software Announces Development of Doom 4 </title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26578</link>
<description>id Software, the developer of such video games as Doom and Quake as well as the company that licenses popular video engines to other game makers, on Wednesday said it had begun development of the Doom 4 title and was seeking new staff. The new title promises to bring “hell on earth”, but there are questions whether it would become popular and would use id’s latest id Tech 5 rendering engine.

“Doom is part of the id Software DNA and demands the greatest talent and brightest minds in the industry to bring the next installment of our flagship franchise to Earth. It’s critical for id Software to have the best creative minds in-house to develop games that meet the standards synonymous with our titles,” said Todd Hollenshead, chief executive of id Software.</description>
<pubDate>Thu, 08 May 2008 00:53:13 +0000</pubDate>
</item>
<item>
<title>Torrentspy Dinged $111 Million in MPAA Lawsuit</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26577</link>
<description>A federal judge is hitting the shuttered TorrentSpy service with a $111 million penalty for facilitating the infringement of thousands of copyrighted works.

U.S. District Judge Florence-Marie Cooper in Los Angeles, ruling in a case brought by the Motion Picture Association of America, said site operator Justin Bunnell and associates must pay the maximum $30,000 for &quot;each of the 3,699 infringements shown.&quot;

The case, producing what is among the largest fines in copyright history, was bolstered after the MPAA allegedly paid a hacker $15,000 for internal TorrentSpy e-mails and correspondence.</description>
<pubDate>Thu, 08 May 2008 00:52:31 +0000</pubDate>
</item>
<item>
<title>Rogue MP3 Trojan streaks across P2P networks</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26576</link>
<description>Hundreds of thousands of examples of a new Trojan that poses as a media file have flooded onto P2P networks.

Since Friday 2 May more than half a million instances of the Trojan have been detected on consumer PCs, according to net security firm McAfee. The anti-virus firm reports the spread of the Downloader-UA.h Trojan as the most significant malware outbreak in the last three years.

The Trojan is being used to serve ads onto contaminated PCs as part of an apparent money-making scam.</description>
<pubDate>Thu, 08 May 2008 00:51:13 +0000</pubDate>
</item>
<item>
<title>Comcast mulling metered access, 250GB monthly bandwidth caps</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26575</link>
<description>For a number of reasons, including ISP ad campaigns, the US broadband market has developed such that unlimited bandwidth is regarded as a universal right. With the advent of heavy P2P traffic, demand for music and video, and increased penetration, that &quot;right&quot; has left ISPs in the uncomfortable position of having overpromised their network capacity and scrambling for ways to avoid paying for greater capacity. Comcast's varied—and often awkward—attempts to come to terms with P2P usage represent a case study of this scramble, and word has it that the company is trying yet another new strategy: a bandwidth cap with some significant costs for users that exceed it.

Comcast, like many other ISPs, has a usage policy that contains nonspecific warnings against generating excessive Internet traffic, but never defines what excessive is. Since last year, it has grown increasingly aggressive about cutting down on the bandwidth used by its subscribers. Tactics started with going after the highest-volume users of its service, and suggesting they needed to pay for higher levels of service. But the company really grabbed the spotlight once word slipped out that it was throttling P2P traffic, a practice that drew the ire not only of its users but, more significantly, the FCC.</description>
<pubDate>Thu, 08 May 2008 00:50:27 +0000</pubDate>
</item>
<item>
<title>Unlocked and pricey, iPhone is coveted in Israel</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26574</link>
<description>In Tel Aviv's wholesale fashion headquarters, where textile merchants follow in the legacy of fathers and grandfathers, many Israelis are looking for the latest in tech fashion: the iPhone. 

 It's at Z-Tov Ltd. that consumers shop for the latest models of Samsung, Philips and Motorola. The local mobile phone chain even carries the 8GB and 16GB models of the highly coveted iPhone.

One customer asks the clerk whether the store sells the 16GB iPhone. But when he hears the price, the customer walks off in disappointment. Z-Tov sells the 8GB iPhone for about 2,600 NIS, or about U.S. $753. The current market price in the United States is $399. </description>
<pubDate>Thu, 08 May 2008 00:48:18 +0000</pubDate>
</item>
<item>
<title>Internet Explorer Zero-Day Treasure Hunt</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26573</link>
<description>Somewhere on Israeli security researcher Aviv Raff's Web site is proof-of-concept code for a zero-day exploit that affects Microsoft (NSDQ: MSFT)'s Internet Explorer browser.

Israel is celebrating its 60th anniversary as a country and Raff says that treasure hunts represent an Independence Day custom. So it is that Raff is hosting a hunt for hidden code on his site.

&quot;Every day or two, I will add a new clue to this list, in a hope that by next Wednesday someone will eventually find the treasure,&quot; Raff says on his blog. &quot;Next Wednesday, I will release the full technical details of this zero-day vulnerability and the proof-of-concept code.&quot;

The first person to post a comment that identifies the hidden code and provides details about how to use it wins the contest, explains Raff. The winner will get free admission to the IsraCON security conference later this summer. </description>
<pubDate>Thu, 08 May 2008 00:47:29 +0000</pubDate>
</item>
<item>
<title>Acunetix says they could have stopped DHS SQL attacks</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26572</link>
<description>Acunetix (www.acunetix.com), a pioneer in web application security scanning technology, has announced that the sophisticated SQL injection attacks recently launched on the websites of the US Department of Homeland Security (DHS), the UK’s Civil Service and the United Nations could have been prevented with the use of Acunetix Web Vulnerability Scanner.

Hackers have attacked hundreds of thousands of web pages from reputable sites with malicious code.  This turned the hacked web sites into launch sites for attacks that install malware on the computers of those who visit them.

Sarah Tabone, Sales &amp; Operations Manager at Acunetix said: “Research conducted on 3,200 websites showed that as many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists*.  Furthermore, attacks like the one recently seen on the DHS can convert any web site into an attack weapon directed at unknowing visitors.  These attacks could easily be avoided by using Acunetix Web Vulnerability Scanner.  </description>
<pubDate>Thu, 08 May 2008 00:38:07 +0000</pubDate>
</item>
<item>
<title>Hacker kept on NDS payroll after accused of piracy</title>
<link>http://www.hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=26571</link>
<description>A high-ranking News Corp official testified on Tuesday that he kept two hackers on the payroll for years after one of them was accused of infiltrating the security system of rival satellite television company DISH Network Corp.

 Abraham Peled, a member of News Corp's executive management committee headed by Rupert Murdoch and CEO of affiliate NDS Group, said he continued to employ Christopher Tarnovsky after he was told by another former hacker that Tarnovsky posted information on the Internet to let users unscramble DISH's network and receive free service.

&quot;We made it clear that these people were turning over to the good side and are expected to fight piracy instead of engage in it and we trusted Mr. Tarnovsky and instructed him not to do so,&quot; Peled said at a corporate spying trial in federal court in Santa Ana, California.</description>
<pubDate>Wed, 07 May 2008 01:49:14 +0000</pubDate>
</item>
</channel>
</rss>
