Special Report: HITB2009 CTF Weapons of Mass Destruction
Posted by l33tdawg on Tuesday, February 09, 2010 - 06:40 AM (Reads: 334)
Source: HITB
L33tdawg: This article was originally supposed to be released as part of Issue 001 of the new HITB Ezine but unfortunately did not make it in time for release. As such we've decided to put this out as a 'special release' instead of waiting for Issue 002. Speaking of which, if you'd like to contribute for the next issue, submissions are currently being accepted - for further details kindly email zarulshahrin@hackinthebox.org
A true 'hacker's conference' wouldn't be fun without a competition where hackers go head to head, tears are shed, and blood is spilled, and when we say blood we mean points. CTFs have always been about how good and fast you are at reversing and exploiting daemons and binaries. Sure it's fun and all but after a few years of the same thing, it starts to get boring. Hence we decided to come up with CTF - Weapons of Mass Destruction (say it with me, destruktion!!!).
Let's face it, acquiring allies and launching nukes at rival teams is much more fun than just reversing binaries and stealing flags. Strategy is everything! The crew worked hard throughout the year, planning the game mechanics, designing the world map, and coming up with complex challenges for the game. Though there were some quirks here and there on game day, miraculously we pulled it off. The nukes weren't the only thing that was different. We also had no prize money for this year's CTF but teams still signed up anyway purely for the bragging rights. You guys are f@#&king awesome!
So without further ado, the CTF crew brings you the writeup for Weapons of Mass Destruction 2009. Enjoy!
https://www.hackinthebox.org/misc/HITB-CTF2009-Special-Report.pdf
Adobe apologizes for festering Flash crash bug
Posted by l33tdawg on Tuesday, February 09, 2010 - 06:20 AM (Reads: 218)
Source: The Register (UK)
An Adobe product manager has apologized for allowing a potentially serious bug in Flash Player to remain unfixed for more than 16 months.
The admission, by Emmy Huang, product manager for Flash, came a week after Apple CEO Steve Jobs lambasted Adobe engineers as "lazy" and said when Macs crash, "more often than not it’s because of Flash." Adobe CTO Kevin Lynch struck back, insisting that at Adobe, "we don't ship Flash with any known crash bugs."
The crash bug at issue in Huang's blog post published over the weekend was reported in September 2008, but it has yet to be excised from release versions of Flash. She said a beta version of Flash scheduled for official release later this year has fixed the problem.
Conficker outbreak infects Leeds hospital servers
Posted by l33tdawg on Tuesday, February 09, 2010 - 06:19 AM (Reads: 162)
Source: The Register (UK)
Servers on the network of Leeds Primary Care NHS Trust were struck down by the Conficker worm late last week.
The malware infection struck on Friday and forced administrators to take a handful of infected servers offline, in phases, in order to apply deworming tools. Trust PCs were not infected by the attack, which a leaked memo blamed on the connection of an infected laptop onto the network.
IT hiring jumps in January
Posted by l33tdawg on Tuesday, February 09, 2010 - 06:18 AM (Reads: 115)
Source: Computer World
U.S. IT employment increased by 12,900 jobs, or 0.3%, in January, one of the best month-to-month gains since the recession hit in late 2008, the TechServe Alliance reported today.
The positive news comes after the prolonged recession had reduced overall IT employment by some 200,000 jobs, according to the Alexandria, Va.-based IT services industry group, which tracks monthly changes in IT hiring based on its own analysis of U.S. unemployment data.
The alliance's monthly calculations found that tech employment peaked in November, 2008, with some 4 million jobs. But in the first half of last year, IT employment fell off the cliff. The employment picture began stabilizing last summer. The January report lists a total of 3.823 million IT jobs.
Korean government to spend $341M on IT workforce training
Posted by l33tdawg on Tuesday, February 09, 2010 - 06:17 AM (Reads: 110)
Source: JoongAng Daily
In another bid to enhance the competitiveness of the country’s information and technology sector, the Ministry of Knowledge Economy said yesterday it will spend 400 billion won ($341 million) to fund a four-year program aimed at fostering 41,000 experts in the field.
The ministry said in a release that it will provide 401.1 billion won to help train 35,000 basic IT researchers for the corporate world, 4,000 IT workers for government agencies and 2,000 specialists for the IT convergence sector by 2013. The money will be filtered primarily to universities across Korea to develop training programs and provide students with financial support.
The ministry said the program will focus on enhancing the skills of workers earning their master’s or doctoral degrees. In the past, most state programs centered on cultivating the country’s IT workforce targeted undergraduate programs.
Intel, IBM roll out new computer network chips
Posted by l33tdawg on Tuesday, February 09, 2010 - 06:17 AM (Reads: 125)
Source: Yahoo! News
US technology titans IBM and Intel have rolled out powerful new computer chips designed for businesses continually demanding more from networks and data centers.
Intel introduced an Itanium processor 9300 series developed under the code name "Tukwila" that it touts as delivering twice the performance of prior generation chips. The 9300 series features two billion transistors per chip and four "cores," mini-brains that process data.
"With the Gartner Group predicting a 650 percent growth in IT data over the next five years, businesses need increasingly powerful and scalable enterprise servers," Intel said in a release. Intel also said the chips are built to improve the ability of computer systems to recover from otherwise fatal errors.
Google warns Chinese copycat Web site
Posted by l33tdawg on Tuesday, February 09, 2010 - 06:14 AM (Reads: 130)
Source: Total Telecom
Google Inc. has warned a copycat Chinese Web site to stop using a logo that resembles the U.S. Internet giant's or face possible legal action, state media reported Monday.
The warning issued to the "Goojje" Web site comes as Google is contemplating its future in China after saying it would no longer obey government censorship rules and could pull out entirely over alleged cyberattacks.
Google accused Goojje of infringing on its trademark rights, saying the logo of the Chinese Web site could make users believe it was authorized by or linked to the U.S. company, the Shenzhen Economic Daily reported. In a letter sent to Goojje by Google's lawyers, the U.S. Internet company demanded the Chinese site stop using the logo by Monday, the report said.
Microsoft's Windows 7 chief: It's not us; it's your batteries
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:39 AM (Reads: 188)
Source: ZDNet (Blog)
Microsoft’s President of Windows has weighed in about the reports of alleged problems with PC batteries coming from some Windows 7 users. Steven Sinofsky posted to the Engineering Windows 7 blog about the battery-notification issue on February 8. If you want to know all about battery performance, telemetry data, and more, read the full post. If you don’t have time, here’s the synopsis: It’s not us; it’s your batteries.
Sinofsky blogged:
“(E)very single indication we have regarding the reports we’ve seen are simply Windows 7 reporting the state of the battery using this new feature and we’re simply seeing batteries that are not performing above the designated threshold.”
Sinofsky said that Microsoft and its partners have been investigating the reports, especially over the past few days, and have found the battery-metering feature of Windows 7 to be working fine. Because previous versions of Windows didn’t include this meter, some users may not have been aware their batteries were degrading, he said. But there is no truth to reports that Windows 7 is sapping batteries prematurely or that any drivers or the BIOS in Windows 7 PCs are not functioning correctly, Sinofsky said.
AMD Reveals Fusion CPU+GPU, To Challenge Intel in Laptops
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:38 AM (Reads: 161)
Source: Arstechnica
The "Llano" processor that AMD described today in an ISSCC session is not a CPU, and it's not a GPU—instead, it's a hybrid design that the chipmaker is calling an "application processor unit," or APU. Whatever you call it, it could well give Intel a run for its money in the laptop market, by combining a full DX11-compatible GPU with four out-of-order CPU cores on a single, 32nm processor die.
Details on the highly parallel vector hardware—the "GPU" part of the device—have yet to be disclosed, but AMD is focusing today's revelations on the CPU part of the design. In a nutshell, AMD has taken the "STARS" core that's used in their current 45nm offerings, shrunk it to a new 32nm SOI high-K process, and added new power gating and dynamic power optimization capabilities to it. Each out-of-order core has a bit under 35 million transistors, and a 1MB L2 cache that's not included in that number. AMD is targeting sub-3GHz operation, and a power consumption range of 2.5 to 25 watts.
Former Intel Exec Pleads Guilty in Galleon Insider Case
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:36 AM (Reads: 154)
Source: HardOCP
The tenth person to plead guilty in that Galleon insider trading case was a former treasury department executive at Intel. According to the New York Times, the man has agreed to cooperate with authorities but still faces up to 25 years in prison if convicted.
Throughout 2007, the executive, Rajiv Goel, provided Mr. Rajaratnam with details of Intel’s quarterly earnings before they were publicly released. He also tipped Galleon’s founder about a pending joint venture between the Clearwire Corporation and Sprint Nextel, a deal that Intel planned to invest $1 billion in.
How to Jailbreak iPhone 3.1.3 IPSW with PwnageTool 3.1.5
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:35 AM (Reads: 294)
Source: Softpedia News
With the PwnageTool app now updated for Mac OS X users, most of the iPhone Dev Team’s set of jailbreak and unlock tools now supports iPhone firmware 3.1.3, the latest update from Apple. Although Softpedia does not condone jailbreaking, those who do wish to employ these tools and hack their iPhones should at least follow a few guidelines, so they don’t brick their devices.
“If you really truly feel that you need to update, [PwnageTool 3.1.5] creates a custom 3.1.3 IPSW for you to restore to on your iPhone 2G, iPhone 3G, iPhone 3GS with early bootrom, iPod touch 1G, and iPod touch 2G with early bootrom,” the iPhone Dev Team says in its recent blog post.
“If you don’t know if you have an early bootrom or not, please avoid updating until you learn more [...] If you have an iPhone 3GS, PwnageTool works if you’re currently at version 3.1.2 or below (down to 3.0). [...] Don’t use PwnageTool on the iPhone 3GS if you’re at 3.1.3, it just won’t work (you will need to downgrade to 3.1.2).” “Also, if you use the blacksn0w unlock (currently at baseband 05.11.07), you will need to stay at 3.1.2,” according to the infamous team of hackers.
YouTube confirms IPv6 support
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:32 AM (Reads: 154)
Source: Network World
YouTube confirmed that it now supports IPv6, the long-anticipated upgrade to the Internet's main communications protocol, in a blog post published Friday.
"We're proud to make YouTube available over IPv6 and to begin streaming videos from a select number of sites worldwide to our Google over IPv6 partners," wrote Lorenzo Colitti, a Google network engineer. "With YouTube on board, we now have a significant amount of content delivered on IPv6 and a real audience/traffic for it."
Earlier in the week, ISPs guessed that YouTube had begun production-level support for IPv6 because they saw a huge surge of IPv6 traffic leaving YouTube's data centers worldwide. In his blog post, Colitti said support of IPv6 was necessary to allow more people and devices to attach directly to the Internet.
Open source means freedom from 'anti-features'
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:29 AM (Reads: 133)
Source: Computer World (NZ)
Proprietary vendors are using "anti-features", features that no user would ever want, to protect intellectual property, Benjamin “Mako” Hill, from the Massachusetts Institute of Technology, told the linux.conf.au open source conference last month.
But IP protection is only one of several reasons vendors introduce such features into their products.
An anti-feature serves the interests of the vendor, he says, not the user. A typical example is the set of limitations placed on the Home Basic version of Microsoft’s Vista operating system; these restricted memory and disk-storage support and limited the user to at most three concurrent applications using the graphical user interface, Hill says. “The aim was to make it so bad that anyone would pay to upgrade to the next version,” he says.
£150m sting to infect computers with porn
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:28 AM (Reads: 150)
Source: metro.co.uk
A British couple had pornographic images of young children downloaded on to their computer by cyber hackers as part of a £150million international sting. The pensioners were told the conmen would continue to infect their PC unless they paid £20 for a code to crack the virus.
They were victims of a Trojan horse virus called ransomware, which kidnaps documents and encrypts them, meaning users can no longer access their files unless they pay the demand by credit card. The scam has already netted the crooks £150million on both sides of the Atlantic according to the FBI. This year that figure is expected to double or even triple.
Victims fork out the cash in US dollars through Western Union because they believe there is no other way of releasing their files. However, the problem can be cleared with free anti-virus software.
Critical infrastructure under constant cyberattack
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:27 AM (Reads: 114)
Source: MB.com
The coming May 2010 automated election is surrounded by controversy and a number of technological fears. It all started with the defacement of some government websites and now the much-talked-about importation of 5,000 jamming devices. All of this sounded new to ordinary people, but those who belong to the I.T. industry, especially those who are involved in security, know that cyber attacks happen every day, and that the impact and cost are staggering.
A report, “In the Crossfire: Critical Infrastructure in the Age of Cyberwar”, commissioned by McAfee and authored by the Center for Strategic and International Studies (CSIS), found that the risk of cyberattack is rising. Despite a growing body of legislation and regulation, more than a third of IT executives (37%) said the vulnerability of their sector had increased over the past 12 months and two-fifths expect a major security incident in their sector within the next year. Only 20% think their sector is safe from serious cyberattack over the next five years.
A survey of 600 IT security executives from critical infrastructure enterprises worldwide showed that more than half (54%) have already suffered large scale attacks or stealthy infiltrations from organized crime gangs, terrorists or nation-states. The average estimated cost of downtime associated with a major incident is $6.3 million per day.
How O2 secured its network for the iPhone
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:25 AM (Reads: 158)
Source: Connected Planet Online
When it comes to Apple’s iPhone, the following clichés must certainly ring true for network operators trying to support the iconic, bandwidth-hungry device: too much of a good thing; the devil is in the details; and perhaps above all: careful what you wish for, you just might get it.
Led largely by the iPhone – the first device to make mobile browsing palatable, while also introducing a whole new world of traffic-consuming “apps” – today’s connected devices pose considerable challenges for network operators. Most of the attention goes to the network itself, both the need for upgrades to the radio interfaces that let users jump on the network at 3G and soon 4G speeds, as well as various aspects of the mobile transport network itself, including backhaul to and from cell towers and the emerging converged packet core.
Yet such devices present a major challenge in another crucial area as well, one which, if it were to go untended, could result in even more dire consequences than a few dropped calls and a “there’s a map for that” ad campaign – namely, security.
Germany to purchase stolen Swiss bank data for $3.5 million
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:18 AM (Reads: 182)
Source: Der Spiegel
German tax authorities are preparing to pay a hefty sum for information on tax evaders with accounts in Switzerland, but the deal looks well worth it. The state is expected to recover as much as 400 million euros in back taxes, a German newspaper reports Friday.
The extent of tax evasion by a number of German citizens with Swiss bank accounts appears to be far wider than originally thought. As the German government prepares to fork out a considerable sum for a CD with information about Germans suspected of dodging taxes, a newspaper reports that tax authorities could recover up to €400 million ($500 million) in back taxes.
According to a report in Friday's edition of the Süddeutsche Zeitung, German tax officials are basing their assessment on a sample of data relating to around 100 bank accounts that the informant has already provided them with. The German government has been criticized over the fact that it is willing to pay a large sum, thought to be around €2.5 million ($3.4 million), for the stolen data.
Inside CloudLinux's New Linux-Based Cloud OS
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:17 AM (Reads: 129)
Source: The Whir
For the past 13 years, Igor Seletskiy has developed a series of innovative new products for the hosting industry, including the control panel H-Sphere, container-based virtualization product FreeVPS, single server control panel CP+, Web-based file manager WebShell, and website building tool SiteStudio.
Now, Seletskiy is set to launch CloudLinux (www.cloudlinux.com), the first Linux–based, commercially supported operating system optimized for shared hosting providers and data centers, at the upcoming Parallels Summit 2010.
The operating system increases server density by improving stability and reliability using isolation technology to create Lightweight Virtual Environments.
IT Outsourcing: Why It Pays to Appraise Your Contract
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:16 AM (Reads: 112)
Source: CIO
Everyone knows a good outsourcing relationship needs to be actively managed. So does a good IT outsourcing contract.
Most contain what Marc Tanowitz, principal of outsourcing consultancy Pace Harmon, calls "active obligations": provisions to be completed post contract-execution that require periodic review or that may vary over time. Many of them can have a significant impact on performance and cost if neglected.
Even a seemingly healthy IT outsourcing arrangement can benefit from an annual check-up to ensure that metrics are providing meaningful insight into performance, get an updated understanding of outsourced operations and how well they're running, and ensure that you're getting what you've paid for per the contract. If things aren't going smoothly, such a review can provide a platform for productive discussions with the outsourcer about why the relationship is faltering. And, in the worst case scenario, it can minimize the risks of transition for buyers thinking about walking away from a deal.
95% of user-generated content was malicious in 2H 2009
Posted by l33tdawg on Tuesday, February 09, 2010 - 05:16 AM (Reads: 114)
Source: SF Gate
Wow. Security firm Websense just released a report on the cyber-threat landscape during the second half of 2009 and, I have to say, some of the findings were jaw dropping. I'll go through some of the highlights.
First off: the firm, which scans millions of Web sites and e-mails a day looking for malicious content, found that 95 percent of all user-generated content came laced with some kind of spam or malicious link.
"The notion that the Internet could be the great equalizer turned out to be true after all; unfortunately, it's mostly making suckers out of all of us," said the wonderful tech Web site Ars Technica on the matter.
Packet Storm Security Latest
· HPSBUX02503-SSRT100019.txt: HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).
· MDVSA-2010-034.txt: Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. Additionally, the Linux kernel was updated to the stable release 2.6.27.45.
· nightdahack2010-cfp.txt: Night Da Hack 2010 Call For Proposals - This conference will take place from 4 PM through 7 AM, June 19th through the 20th, 2010 in Paris, France.
· CORELAN-10-010.txt: GeFest Web HomeServer version 1.0 suffers from a directory traversal vulnerability.
· wsnguestdb-disclose.txt: WSN Guest Database appears to suffer from a database disclosure vulnerability.
· bluedove-sql.txt: Blue Dove suffers from a remote SQL injection vulnerability.
· synspam_0.4.0-1.tar.gz: Synspam uses Netfilter NFQUEUE to catch the source IP address of any machine connecting to your mail server, running multiple tests against it possible, a scoring system is used. If the source IP address is believed to be a spammer IP address, the connection can be dropped. There is a dry run mode if you just want to test it, which is the default.
· as3flexdb-sqldisclose.txt: AS3FlexDB suffers from remote database login information disclosure and remote SQL execution vulnerabilities.