Top Stories for Today
· [65] Michael Jackson hackers hijack Sydney website
· [52] What to Look for in Online Backup
· [49] Boomerang attack against AES better than blind chance
· [48] How to Improve IT Cyber-Security with Visual Analytics
· [47] Microsoft's Gazelle browser: A layperson's explanation
· [46] Court Orders Spammers To Give Up $3.7 Million
· [40] London Stock Exchange Drops Windows System
· [40] Jay Leno wins cybersquatting case
· [39] Password Recovery Questions Make Online Accounts Vulnerable
· [38] Google App Engine suffers six-hour outage
· [37] The ins and outs of the extradition battle for Gary McKinnon
· [37] Apple patching serious SMS vulnerability on iPhone
· [37] The EU does away with a cell phone tax
· [35] UAE audit body sets up anti-fraud hotline
· [35] Will security paranoia kill wireless health IT?
· [33] Conficker: Forgotten but not Gone
· [33] Judge tentatively acquits woman in MySpace case
· [33] Mozilla slates first Firefox 3.5 patch
· [33] Psystar Emerges from Chapter 11, Launches New Mac Clone
· [33] China has not given up Green Dam plan
· [32] Cell phones used to view patient records
· [32] Bing searches to include Twitter results
· [30] BT to guarantee 15Mbits/sec with fibre
· [29] New Energy Star 5.0 Specifications Initiated
· [28] US moving cautiously on new cyber security program
· [20] New Kernel Vulnerabilities Affect Ubuntu 6.06, 8.04, 8.10 and 9.04 OSes
20 Latest Articles with Comments
Air France Flight 447 Catastrophe Being Used to Drop TROJ_YEKTEL.AA
Posted by l33tdawg on 2009-06-06 01:24:17 (Reads: 630)
Source: PC1 News
Without a doubt, the terrifying catastrophe of Air France Flight 447 has been among the top news headlines throughout the world. And even though the tragedy has not yet been resolved and many questions are left unanswered, cyber criminals are successfully using this issue in their malicious schemes. This time they are exploiting users' curiosity to find more information about the tragedy on search engines. Watch out, because cyber criminals will use this opportunity to drop TROJ_YEKTEL.AA onto your PC, after which an installation prompt will be displayed for the fake Personal Antivirus.
How does the whole malicious attack take place? And what should you be aware of? Just imagine, you go to google.com and enter certain keywords related to the Air France Flight 447 crash, just to find some new useful information. You do nothing wrong - you don't open any unknown attachment or read suspicious messages. But even in this case cyber criminals can trick you. Through the use of an SEO (search engine optimization) poisoning attack, searches for crash-related information can lead you to links that, when opened, take you to various suspicious sites. This attack ultimately ends in the download of rogue antivirus software.
Hulu Releases Desktop Version of Video Site
Posted by l33tdawg on 2009-05-29 01:59:20 (Reads: 726)
Source: Yahoo! Tech
Web browser TV watching not doing it for you? Hulu on Thursday introduced a downloadable desktop version of its video Web site.
Hulu Desktop provides access to Hulu content for a "rich, full-screen" video watching experience, Hulu said in a blog post. The offering is available on Windows and Mac – but not on Linux – and can be controlled via mouse, keyboard, or any six-button PC or Mac remote control.
"Hulu Desktop was built by a small group on our engineering team who asked themselves one day: how can we make it easier for users to immerse themselves in the great shows and movies Hulu is fortunate to have access to?" Hulu wrote. "Our answer was to build a new PC and Mac application that gives users the option to step outside of their browser, keyboard and mouse and into something different."
Yahoo open to Microsoft deal under right terms
Posted by l33tdawg on 2009-05-28 04:32:47 (Reads: 572)
Source: MSNBC
Yahoo Inc.'s chief executive said Wednesday that she is open to joining forces with Microsoft Corp. so both companies can better compete in Internet search, but a deal would need a specific set of terms — including "boatloads of money."
An alliance in Internet search would have to enrich Yahoo, give Yahoo access to the "right data" and bring strong technology, Carol Bartz said at The Wall Street Journal's D: All Things Digital conference. In the past, Yahoo has insisted it needs data culled from search requests to sell the most effective ads and tailor other services to suit its users' interests.
Asked if she would consider selling all of Yahoo, she said, "Oh, they'd have to have BIG boatloads of money."
Password paranoia (or, how to melt your own brain)
Posted by l33tdawg on 2009-05-15 02:48:26 (Reads: 700)
Source: Brisbane Times
IS THERE anybody else out there who uses a super-complicated, hack-proof password to gain access to their home computer? And who diligently changes it every few months? As though it were a ritual as important in life as flossing or oiling the axle on the wheelie bin? Or am I the only certified paranoid basket case in this city?
The nightmare scenario looping in my head is that if somebody breaks into my house the first thing they'll go for won't be the Blu-ray player or the plasma screen or my scrupulously catalogued collection of Asian Nudist Health Farm Quarterly. It'll be to get into my computer and do terrible things, such as tell everybody what's on my screensaver. (For the record, it's an artist's impression of a Care Bear giving "the business" to a Cabbage Patch doll. Now leave me alone.)
NKill Aims to Catalog Vulnerabilities of Every Computer
Posted by l33tdawg on 2009-04-23 07:42:49 (Reads: 1495)
Source: PC World
A security consultant is developing a search engine called NKill that aims to track the security vulnerabilities on every computer connected to the Internet, with the ability for users to search for vulnerable computers in a country or inside a specific company.
NKill, which currently covers all .com, .org and .net domain names, will be made available to the public within one month or so, said Anthony Zboralski, founder of Bellua Asia-Pacific, speaking Wednesday at the Hack In The Box Security Conference in Dubai.
Compiling a record of all of the vulnerabilities on every computer requires a TCP port scan of the entire Internet, a process that can take between eight and 16 hours using a 100M bps connection, Zboralski said.
Ways to use public Wi-Fi safely
Posted by l33tdawg on 2009-03-14 01:44:13 (Reads: 1084)
Source: Impact News
It is important to remember that public Wi-Fi is just that — public. Using public networks can be convenient, but without proper security, logging on to websites that feature personal information, such as a banking web site, can be similar to leaving your wallet sitting on a park bench. In 2007, the Federal Trade Commission received more than 800,000 consumer fraud and identity theft complaints, and losses cost victims more than $1.2 billion.
The first thing to do in a public space is find the name of the network to connect to. Hackers sometimes set up similarly spelled networks, such as HavaHouse instead of JavaHouse. This is called an Evil Twin Attack. Once connected to the imitation network, hackers can get information from the computer and internet activity. It is important to verify the name of the intended network before connecting to one.
Moxie Marlinspike releases SSLstrip
Posted by l33tdawg on 2009-02-19 00:24:15 (Reads: 5045)
Source: Forbes.com
On Wednesday, at the Black Hat security conference here, an independent hacker and security researcher who goes by the name Moxie Marlinspike announced that he would release a software tool for performing "man-in-the-middle" attacks on seemingly secure Web sites, including banking sites, Web e-mail or e-commerce sites.
This free program, which Marlinspike calls "SSLstrip," will allow hackers to remove the encryption or Secure Sockets Layer (SSL) protection intended to make sites safe. A cybercriminal would then have access to any passwords or other sensitive information traveling unprotected over the network.
Marlinspike's SSLstrip sits on a local network and intercepts traffic. When it detects an encrypted HTTPS (Hypertext Transfer Protocol Secure) site, it automatically substitutes a look-alike of the intended destination as an unencrypted HTTP site. That switching trick strips away the security that prevents a third party from stealing or modifying data, while telling the server that an encrypted page has been sent.
Cable modem owners hack for free cable TV
Posted by L33tdawg on 2002-06-03 21:37:55 (Reads: 253251)
Source: Yahoo! News
Drawing on old-school methods to splice cable TV lines for unauthorized use, hackers say they can buy a splitter at the local electronics store and easily run an additional line from the cable modem line for the computer into the television. Without a set-top box, the result is free, basic, analog cable; with an illegal converter or set-top, hackers say they have access to premium channels such as HBO and Showtime.
"I only get (basic) cable. I don't subscribe; it just comes to my house along with the cable modem signal," said Noah, who wished to keep his last name anonymous. He saves roughly $40 a month on cable but spends about $42 a month on Internet access.
"Lots of people do this if all you want is analog cable," he said. "All cable services are run through the same line; they can't just cut power to analog cable and still give you a cable modem."
Cable operators have battled this form of piracy for years, but it's taking on new urgency in the race to build high-speed Internet service. Broadband providers are struggling with costs, with AT&T just last week instituting a price increase for cable modem customers.
BitTorrent piracy is for cash-poor teenagers with time on their hands
Posted by l33tdawg on 2009-02-09 13:56:44 (Reads: 1543)
Source: Telegraph (UK)
The music and film industries have long been worried about the threat of internet piracy, but I'm less than convinced that it is such a big threat as they fear, and their attempts to fight it have failed.
Certainly, digital rights management - or, more accurately, digital restrictions management, because it adds annoying restrictions - has not stopped piracy. It has just made it more difficult for viewers to enjoy the content, and hasn't prevented films from being available to file-sharers.
Yes, you can download films using BitTorrent and not pay for them, but it's a right royal pain, something time-rich and cash-poor teenagers will put up with, but which is less appealing to everyone else. At the same time as letting teenagers pirate content, the internet also provides new revenue streams for content providers. Content providers should, therefore, relax.
RFID Chips Can Now Be Read Through Metal
Posted by l33tdawg on 2009-02-05 01:50:16 (Reads: 1113)
Source: Softpedia
RFID chips, in addition to being truly useful in stores, for inventories and the like, are highly criticized by human rights groups, which say that, once inserted in a human being, the chips can pass on that person's location, as well as a myriad of personal information, including banking accounts, purchasing habits and the like. Now, German scientists at the Fraunhofer Institute for Microelectronic Circuits and Systems IMS in Duisburg have sparked another wave of criticism by inventing a chip that can be integrated into metal and still send viable data to a reading device.
RFID devices are usually made up of two pieces, a small tag that is incorporated into the product, animal or human that needs tracing, as well as a reading device, which can gather and process the data of each tag from several meters away.
And therein lies the privacy problem with these chips – the fact that a person could have his or her entire life scanned without even knowing it, as well as have his or her position known by someone at all times. Moreover, while some may argue that this increases their sense of security, that claim is utterly false, considering the fact that the entire system is designed to keep people in check and under control.
IEEE readies launch of gigabit Wi-Fi project
Posted by l33tdawg on 2008-09-14 01:09:58 (Reads: 1747)
Source: PC World (Australia)
The IEEE working group that is putting the finishing touches on the 802.11n 100Mbps wireless LAN standard is about to launch a new project, for a 1Gbps WLAN standard. That would mean gigabit Wi-Fi.
Last year, group members formed the Very High Throughput Study Group to explore changes to the 802.11 WLAN standard to support gigabit capacity. The study group is looking at doing so in two frequency bands, high-frequency 60GHz for relatively short ranges and under-6GHz for ranges similar to that of today’s WLANs in the 5GHz band, 802.11a and 11n.
At a meeting this week in Hawaii, the study group has been finalizing a proposal calling for creation of a new, as yet unnamed task group to carry forward the work of crafting a standard. That proposal must be accepted by the 802.11 Working Group, which oversees the entire WLAN standard.
IT Security's Next Big Threat: Young People
Posted by l33tdawg on 2008-11-21 02:51:01 (Reads: 2053)
Source: Dark Reading
First, it was viruses. Then it was financially motivated hackers, followed by insider threats. And the next big danger? People who can't remember the Bee Gees. During the past two weeks, IT security managers have been getting a new warning that turns the old '60s hippie slogan -- "Never trust anyone over 30" -- upside down. The new message: Twenty-somethings are putting the corporate network at risk.
Since Nov. 5, three separate studies -- from Accenture, Intel, and ISACA, a major IT users group -- have indicted the youngest generation of employees as one of the enterprise's newest and most serious security risks. People under the age of 28 -- sometimes called Generation Y and sometimes called Millennials, depending on how you define the category -- are engaging in online behavior that could expose their organizations to data leakage and information theft, the studies say.
The Accenture study, published two weeks ago, queried more than 400 students and employees ranging from age 14 to age 27. It found that more than half (60 percent) of young people "are either unaware of their companies' IT policies or are not inclined to follow them."
Ubuntu Linux Vs. Windows Vista: The Battle For Your Desktop
Posted by l33tdawg on 2007-08-06 03:24:30 (Reads: 4441)
Source: Information Week
The prevailing wisdom about Linux on the desktop runs something like this: "I'll believe Linux is ready for the desktop as soon as you can give me a Linux distribution that even my grandmother can run." For some time, the folks at Ubuntu have been trying their best to make Granny -- and most everyone else -- happy. They've attempted to build a Linux distribution that's easy to install, use, configure, and maintain -- one that's at least as easy as Windows, and whenever possible, even easier. As a result, Ubuntu is one of the Linux distributions that has been most directly touted as an alternative to Windows.
In this feature, I'm going to compare the newly-released Ubuntu 7.04 (codenamed "Feisty Fawn") with Microsoft Windows Vista in a number of categories. To keep the playing field as level as possible, I'm looking wherever I can at applications -- not just in the sense of "programs," but in the sense of what the average user is going to do with the OS in a workday. Sometimes the differences between the two OSes are profound, but sometimes the playing field levels itself -- OpenOffice.org, for instance, is installed by default in Ubuntu, but adding it to Vista isn't terribly difficult.
Broad Web Hack Hits Thousands of Servers
Posted by l33tdawg on 2008-11-10 02:37:03 (Reads: 1483)
Source: Real Tech News
Kaspersky Labs warned on Friday that hackers have launched a huge Internet hacking effort, posting malicious links on as many as 10,000 servers. The end result of the hack is that surfers may end up at a malicious server located in China, vvexe.com. Exploits are then used to launch an attack on the user’s machine.
Norton Safe Web and StopBadWare.org have reports on that site.
Once again, if you’re patched, and have up-to-date antivirus and security software, you would probably be safe from surfing to one of these sites. One open question is how the websites are being compromised; Kaspersky hasn’t managed to determine that yet. An earlier attack this year affected 1.5 million servers, so in comparison this is small, but the attack has just begun, Kaspersky warned.
Linux: the girlfriend test
Posted by l33tdawg on 2008-09-22 01:29:59 (Reads: 3005)
Source: Tech Radar
The world has changed in the last 10 years. Humans finally have hover cars, unlimited energy and a cure for cancer. Well, not exactly, but Linux is almost ready for the mainstream desktop. Which is just as exciting. Sort of.
Before we crack open the Canonical-branded champagne, there are one or two things to sort out. Linux still has a reputation for being too finicky, technical and 'just for geeks'. This needs to be killed as quickly as possible. How? By putting the latest distributions through the ultimate in scientific usability studies: the girlfriend test.
See, the old problems of hardware incompatibility that once plagued Linux are fading, especially now that major vendors such as Asus and Dell are starting to cuddle up to Tux. The issues still prevalent are in the process of converting the huddled masses (or 'Windows users') and making the experience as friendly, straightforward and encouraging as possible. This needs to happen before Linux can reach that critical mass of users.
Malicious e-mails target Bit Torrent
Posted by l33tdawg on 2008-09-10 01:24:32 (Reads: 2719)
Source: The Inquirer
BORED SPAMMERS have reportedly disseminated millions of e-mails accusing random surfers of illegally downloading copyrighted files on Bit Torrent.
The phony e-mails, disguised as a stern message from the anti-piracy company Media Defender, warn the recipient that his or her download activity has been logged. In addition, the message demands an immediate cessation of illegal downloads and threatens criminal prosecution under US federal law.
The malicious e-mail also includes an attached activity 'report' in the form of a nasty Mytob worm. When accessed, the worm installs a trojan that allows hackers remote access to the infected machine.
Malaysia-Today.net 'blackholed' by order of the Malaysian Government
Posted by l33tdawg on 2008-08-28 01:13:16 (Reads: 4156)
Source: Malaysia Kini
L33tdawg: This is really a sad day indeed - the MSC bill of guarantees clearly states that the Internet will not be filtered/censored or otherwise manipulated. Today it might be Malaysia-Today, tomorrow maybe it'll be CNN and BBC. It's the beginning of the end imho and I am truly disappointed with MCMC for 'bowing down' to the pressure of the incumbent government to try and stifle the flow of information merely because it paints the .gov in a negative light - We don't need the govt to tell us what we can and cannot read; what we can and cannot think!
In a rare move, Malaysian Communications and Multimedia Commission (MCMC) has ordered all internet service providers (ISPs) to block controversial online portal Malaysia Today. MCMC chief operating officer Mohamed Sharil Tarmizi, when contacted today, confirmed that the block was ordered by the commission, which is the regulatory body for online content.
"It is being blocked because we found that some of the comments on the website were insensitive, bordering on incitement," he told Malaysiakini.
As at 7pm, a check by Malaysiakini showed users are unable to access Malaysia Today through three major ISPs - TMnet, Maxis and Time. However, users can still access the errant website through Jaring.
Gmail Back in Service after Outage
Posted by l33tdawg on 2008-08-12 02:25:18 (Reads: 2372)
Source: Internet News
Google confirmed "many Gmail users" were unable to access the email service since about 2 p.m. Pacific Time after receiving a "502 Error" message which would seem to indicate a system overload of some kind for the popular service.
Whatever the issue, it appears to have been identified and fixed. A Google spokesman said the issue has been fixed and Gmail is functioning normally. Several mail users contacted by InternetNews.com report their service is back and working after being unable to access it. In response to a request for an explanation about the problem, Google sent the following statement to InternetNews.com:
"Since about 2 p.m. Pacific Time today, many Gmail users have been unable to access their email. We are very sorry for this interruption in service. The issue is being caused by a temporary outage in the contacts system used by Gmail, which is preventing Gmail from loading properly. We are starting to roll out a fix now and hope to have the problem resolved as quickly as possible. Even though you may not be able to get to your inbox right now, your mail is safe, including new incoming messages.
Should You Pay Twice as Much for a Mac?
Posted by l33tdawg on 2008-08-08 02:36:25 (Reads: 3386)
Source: eWeek (Blog)
On Saturday, Aug. 2, I got to wondering about Mac versus Windows PC pricing after seeing two HP notebooks on sale at the local Target. One of them, a 14-inch model, the HP DV2946NR, sold for $699.99 and packed 4GB of memory and a 320GB hard drive. Capacity for both features is twice that of the $1,299 MacBook—and shared graphics is 356MB compared with a meager 144MB for the MacBook. I wondered: If Vista notebooks are selling for so little and packing so much, how does this compare with Mac desktops and notebooks?
Today I contacted Stephen Baker, NPD's vice president of industry analysis, about computer average selling prices at retail. That HP notebook is right on mark: ASP for retail Windows notebooks is $700. Mac laptops: $1,515. Yeah, right, they're more than twice as much. But there's more: The ASP for Mac desktops is more than $1,000 greater than for Windows PCs, and Mac desktop ASPs were higher in June than they were two years ago.
Packet Storm Security Latest
· opialaid-sql.txt: Opial version 1.0 suffers from a remote SQL injection vulnerability.
· glsa-200907-02.txt: Gentoo Linux Security Advisory GLSA 200907-02 - Two vulnerabilities in ModSecurity might lead to a Denial of Service. Versions less than 2.5.9 are affected.
· glsa-200907-01.txt: Gentoo Linux Security Advisory GLSA 200907-01 - libwmf bundles an old GD version which contains a use-after-free vulnerability. The embedded fork of the GD library introduced a use-after-free vulnerability in a modification which is specific to libwmf. Versions less than 0.2.8.4-r3 are affected.
· rentventory-sql.txt: Rentventory PHP suffers from multiple remote SQL injection vulnerabilities.
· petite-sql.txt: This paper is a small SQL injection tutorial and is written in French.
· oCERT-2009-009.txt: CamlImages versions 2.2 and below suffer from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing: the read_png_file and read_png_file_as_rgb24 functions do not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability.
· USN-795-1.txt: Ubuntu Security Notice USN-795-1 - It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.
· USN-794-1.txt: Ubuntu Security Notice USN-794-1 - It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service.