Building a Linux Incident Response / Forensic Disk
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:28 AM (Reads: 386)
Source: SANS
There are many Linux distributions readily available. This, however, should not stop you from creating your own version of a UNIX forensic tools disc. Whether you are on Solaris, HP-UX or any other variety of UNIX, it is simple to create a forensic tools CD that can move between systems. The added benefit of this method is that the tools do not need to be left on the production server. Leaving them there is itself a security risk, and the ability to unmount the CD and take it with you increases security.
The ability to create a customized CD for your individual system means that the analyst can have their tools available for any UNIX system that they need to work with. It may also be possible to create a universal forensic CD. Using statically linked binaries, a single DVD or CD could be created with separate directories for every UNIX variety in use in the organization that you are working on. For instance, the same CD could contain a directory called “/Solaris” which would act as the base directory for all Solaris tools. Similarly, base directories for Linux (/Linux), HP-UX (/HPUX10, /HPUX9) and any other variety of UNIX in use in your organization could be included on the same distribution allowing you to take one disk with you but leaving you ready at all times.
UK still lousy on electronic nosiness
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:27 AM (Reads: 152)
Source: The Register (UK)
A new report highlights a depressingly consistent drift towards ever greater control of the population using new technologies.
There are few surprises in the 2010 report, entitled The Electronic Police State, issued yesterday. It shows Russia and the United States within a couple of points of each other when it comes to electronic policing and surveillance, North Korea just overtaking China to gain top prize, and the United Kingdom leading the rest of the West – after the US.
The report's authors at CryptoHippie do, of course, have a product to shift. It is a US-based company providing what it describes as "superior privacy enhancing technologies". However, it has also been putting a regular toe in the water to test the degree of electronic surveillance going on worldwide, and while it may not be the most unbiased of observers, it is at least producing a consistent data stream that allows the rest of us to debate the issues and monitor trends.
Five Best VPN Tools
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:27 AM (Reads: 395)
Source: Life Hacker
VPN software brings the security of a private network to an insecure network, and allows you to access private local networks from anywhere. As we've explained in the past, you can do things between computers on your local network you can't from out on the internet: like listen to a shared iTunes library or access files in shared folders. Virtual private network applications give you access to your computer from anywhere on the internet as if you were home on your local network. Earlier this week we asked you to share your favorite software for establishing and maintaining virtual private networks. We rounded up the votes, and now we're back with the five most popular VPN applications.
If you're new to the idea of virtual private networks, you can read up on the technical nitty-gritty at the Wikipedia entry for VPNs. Note: This Hive Five contains both VPN server applications (the apps that create virtual private networks on your local network so it's accessible from the outside world) and VPN client applications (the apps that connect to virtual private networks from the outside world). In many instances companies produce VPN servers, VPN clients, VPN servers with accompanying clients, or VPN clients that are designed to work with a variety of servers.
Researchers dissect ZeuS botnet blueprint
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:26 AM (Reads: 233)
Source: IT News (Australia)
A little knowledge and a few thousand dollars is all it takes to build a fully functional botnet, according to security experts. Cisco researchers Patrick Peterson and Henry Stern told delegates at the 2010 RSA conference in San Francisco that a botnet running the infamous ZeuS malware could be built for US$2,500 ($2,753.50).
ZeuS is primarily a data-gathering and botnet control tool, but has become particularly loathed in the security community because it directly injects content into pages and intercepts credentials before they are sent to legitimate sites.
Making matters worse, the monetary and technical thresholds for running Zeus are particularly low. Peterson and Stern said that a current version of Zeus can be had for roughly US$700, while older versions can be obtained for free.
Feds Move to Break Voting-Machine Monopoly
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:25 AM (Reads: 132)
Source: Wired (Threat Level)
Citing anti-competitive concerns, the Justice Department sued Election Systems & Software in order to force the company to divest itself of the voting machine assets it obtained from Premier Election Solutions last year.
The department’s antitrust division, along with nine state attorneys general, filed the civil antitrust lawsuit (.pdf) in U.S. District Court in Washington, D.C., charging that the acquisition threatened competition. The department proposed a settlement that, if accepted, would dissolve the merger and force ES&S to sell its Premier business to a buyer approved by the Justice Department.
1024-bit RSA encryption cracked by carefully starving CPU of electricity
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:24 AM (Reads: 382)
Source: Engadget
Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password.
With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.
Limewire taps AVG for virus free torrents
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:24 AM (Reads: 136)
Source: The Inquirer
POPULAR P2P FILE SHARING SERVICE LimeWire has enlisted the help of anti-virus outfit AVG to offer its Pro users free file scanning.
If the likes of the MPAA and the RIAA are to be believed, the only people who use Bittorrent sites are so called 'pirates' scouring the underbelly of cyberspace trying to get hold of the latest movies and music for free, robbing poor defenceless artists of their livelihoods in the process.
With this in mind you might think that these downloaders deserve any form of malware their PCs get infected with in their pursuit of ill-gotten gains, but LimeWire appears to disagree and has licensed the AVG Anti-Virus SDK engine and integrated the anti-virus and anti-spyware protection into LimeWire Pro.
Physicists Find Way to See Through Paint, Paper, and Other Opaque Materials
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:23 AM (Reads: 133)
Source: Science Daily
Materials such as paper, paint, and biological tissue are opaque because the light that passes through them is scattered in complicated and seemingly random ways. A new experiment conducted by researchers at the City of Paris Industrial Physics and Chemistry Higher Educational Institution (ESPCI) has shown that it's possible to focus light through opaque materials and detect objects hidden behind them, provided you know enough about the material.
The experiment is reported in the current issue of Physical Review Letters, and is the subject of a Viewpoint in APS Physics by Elbert van Putten and Allard Mosk of the University of Twente.
In order to demonstrate their approach to characterize opaque substances, the researchers first passed light through a layer of zinc oxide, which is a common component of white paints. By studying the way the light beam changed as it encountered the material, they were able to produce a numerical model called a transmission matrix, which included over 65,000 numbers describing the way that the zinc oxide layer affected light.
The Basics of SAN Security
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:20 AM (Reads: 199)
Source: CIO
It’s important to protect your organization from malicious threats and to prevent hackers from accessing sensitive data. You also want to ensure that your organization is compliant with security regulations. When implementing infrastructure projects it’s necessary to ensure that all of the components of the implementation are secure. The Storage Area Network, or SAN, is one of these components. In layman’s terms, a SAN is a network that enables storage devices to communicate with other storage devices and computer systems. A SAN uses a high performance network, such as Fibre Channel or Ethernet, to communicate, and it typically connects disks and tape drives, RAID subsystems, robotic libraries, and file servers.
As SAN technology becomes more popular, organizations are continuing to evolve their technologies and reap the benefits that SAN has to offer. We all know that computers are attached to some type of storage, but the benefit of a SAN is that it enables Universal Storage Connectivity; the ability to connect many computers to a lot of storage devices allowing computers to negotiate device ownership and share data.
Army plans enterprise email system
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:19 AM (Reads: 171)
Source: Fierce Government
The Army is planning to cut its $400 million-a-year email bill by consolidating its email systems and outsourcing the operation. In a draft solicitation request, the Army said it plans to build the entire system on Microsoft Exchange 2010. Lt. Gen Jeffery Sorenson, the Army's chief information officer who is spearheading the effort, said he'd like to see the entire Defense Department use the system.
It's a massive undertaking for the Army which supports 950,000 accounts. When a soldier moves from one location to another, he or she currently has to get a new email address, and the old one has to be deleted. And these multiple accounts open many doors for cyber hackers.
Warren Suss, president of Suss Consulting, a federal information technology consulting firm, estimates the Army could cut its $400 million operating bill in half with this new plan.
Microsoft skips patch for PowerPoint add-on
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:19 AM (Reads: 121)
Source: Computer World
Microsoft fixed eight flaws in Windows and Office today, but passed on patching one Windows component because it cannot be automatically updated.
The eight bugs patched today were far from the near-record 26 that Microsoft fixed last month when it delivered 13 security updates. Both of today's bulletins were ranked "important," the second-highest rating in Microsoft's four-step severity scoring system, even though the company acknowledged that the eight vulnerabilities could be used to completely compromise a Windows PC.
Although security experts recommended that users deploy the Office fix first, several argued today that the Windows update was more interesting because Microsoft declined to patch one of the two pieces of involved software.
Symantec Offers New Approach to Mobile Security
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:18 AM (Reads: 121)
Source: eSecurity Planet
Symantec showed off a new approach to mobile security here at company headquarters during a media event this week. Symantec Mobile Reputation Security (SMRS) is a prototype for what the company calls a next-generation solution to mobile security developed by its research labs.
John Kelly, Symantec's (NASDAQ: SYMC) senior director of technology and business development, said mobile security requires a unique approach that both preserves open access to applications and provides assurance that those applications are safe to run.
"Symantec believes the future of mobile operating systems is openness and open APIs," he said. "Today, the applications are pre-vetted by companies like Apple (NASDAQ: AAPL) for the iPhone, but in the future that will change with Android and others."
Top Five Tips for Securing your Business Reputation
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:17 AM (Reads: 127)
Source: News Maker (Australia)
There have been recent reports of how a Twitter scam has affected some well known UK politicians, issuing embarrassing Tweets from their personal accounts. Whilst these headlines may seem amusing, Lloyd Borrett, the Marketing Manager at AVG (AU/NZ), says it is worth considering the potential impact of this type of scam on your business reputation.
Reputation is everything in the world of a small business, often taking years to establish. Being targeted by a similar scam can have a detrimental effect on the reputation of your company. In a recent NCSA (National Cyber Security Alliance) study on small business security, 69% of small business owners said they would let their customers know if they suffered a security breach, whilst almost half agreed that their customers are concerned about the IT security of their business.
Hackers target freshly uncovered Internet Explorer hole
Posted by l33tdawg on Wednesday, March 10, 2010 - 12:16 AM (Reads: 194)
Source: smh.com.au
Microsoft on Tuesday warned that hackers are targeting a freshly-uncovered weakness in some earlier versions of its Internet Explorer (IE) Web browser software.
Microsoft said it is investigating a hole that cyber attackers are taking advantage of in IE 6 and IE 7. "At this time, we are aware of targeted attacks attempting to use this vulnerability," Microsoft said in an advisory posted along with a routine release of patches for Windows and Office software.
"We will continue to monitor the threat environment and update this advisory if this situation changes." Hackers could use the flaw to remotely seize control of computers. The new IE 8 Web browser and an old IE 5 version are not affected, according to the US software colossus.
BITSTALKER: Accurately and effectively monitoring BitTorrent traffic
Posted by l33tdawg on Tuesday, March 09, 2010 - 02:50 AM (Reads: 616)
Source: Kevin Bauer, Damon McCoy, Dirk Grunwald, and Douglas Sicker (Univ of Colorado) - PDF
BitTorrent is currently the most popular peer-to-peer network for file sharing. However, experience has shown that BitTorrent is often used to distribute copyright protected movie and music files illegally. Consequently, copyright enforcement agencies currently monitor BitTorrent swarms to identify users participating in the illegal distribution of copyright-protected files. These investigations rely on passive methods that are prone to a variety of errors, particularly false positive identification.
To mitigate the potential for false positive peer identification, we investigate the feasibility of using active methods to monitor extremely large BitTorrent swarms. We develop an active probing framework called BitStalker that identifies active peers and collects concrete forensic evidence that they were involved in sharing a particular file. We evaluate the effectiveness of this approach through a measurement study with real, large torrents consisting of over 186,000 peers. We find that the current investigative methods produce at least 11% false positives, while we show that false positives are rare with our active approach.
A Practical Attack to De-Anonymize Social Network Users
Posted by l33tdawg on Tuesday, March 09, 2010 - 02:46 AM (Reads: 399)
Source: TR-iSecLab (PDF)
Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates. These sites have millions of registered users, and they are interesting from a security and privacy point of view because they store large amounts of sensitive personal user data.
In this paper, we introduce a novel de-anonymization attack that exploits group membership information that is available on social networking sites. More precisely, we show that information about the group memberships of a user (i.e., the groups of a social network to which a user belongs) is often sufficient to uniquely identify this user, or, at least, to significantly reduce the set of possible candidates. To determine the group membership of a user, we leverage well-known web browser history stealing attacks. Thus, whenever a social network user visits a malicious website, this website can launch our de-anonymization attack and learn the identity of its visitors.
Vodafone distributes Mariposa botnet
Posted by l33tdawg on Tuesday, March 09, 2010 - 02:45 AM (Reads: 378)
Source: Panda Security Research
Here is yet another example of a company distributing malware to its userbase. Unfortunately it probably won’t be the last.
Today one of our colleagues received a brand new Vodafone HTC Magic with Google’s Android OS. “Neat” she said. Vodafone distributes this phone to its userbase in some European countries and it seems affordable as you can get it for 0€ or 1€ under certain conditions.
The interesting thing is that when she plugged the phone into her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into.
Exiled iPhone Wi-Fi apps move to Cydia
Posted by l33tdawg on Tuesday, March 09, 2010 - 02:44 AM (Reads: 302)
Source: The Register (UK)
Developers kicked out of the iTunes store for using private APIs are turning to the unregulated Cydia store, and think the demographic might even suit them better.
Last week Apple kicked out a handful of applications that made use of "private framework" APIs to enable scanning for nearby hot spots. Now those apps are popping up on Cydia, with one already hitting 18,000 downloads by iPhone users willing to jailbreak their handsets to get applications that Apple won't allow.
Those figures are for WiFiFoFum, which is being given away through the Cydia store. But later this week 'yFy Network Finder' will pop up as a paid application that the developer reckons could bring in more money than when it was being sold legitimately through iTunes.
Valve announces Steam for Mac, games will allow Mac-PC online play
Posted by l33tdawg on Tuesday, March 09, 2010 - 02:43 AM (Reads: 200)
Source: Apple Insider
Valve officially revealed Monday that its Steam online gaming service, along with the Source engine that powers titles such as Half-Life 2 and Left 4 Dead 2, is coming to the Mac in April. Valve's library of games will be making the jump from Windows Machines, including Team Fortress 2, Counter-Strike, Portal, and the Half-Life series.
"As we transition from entertainment as a product to entertainment as a service, customers and developers need open, high-quality Internet clients," said Gabe Newell, president of Valve. "The Mac is a great platform for entertainment services."
Jason Holtman, director of business development at Valve, said the partners who sell games through the Steam online service, are "very excited" about embracing the Mac platform. The statement would imply that developers other than Valve intend to make their titles compatible with the Mac.
Intel confirms fake Core i7s on sale
Posted by l33tdawg on Tuesday, March 09, 2010 - 02:42 AM (Reads: 318)
Source: The Inquirer
Intel has confirmed that counterfeits of its Core i7 processors were sold through the North American online retail outlet Newegg.
We contacted Intel in the UK to find out how long it had known about the dodgy goods and whether the UK market was in danger of receiving the fake chips, but Intel would only divulge name, rank and number on the issue, responding, "Intel has been made aware of the potential for counterfeit i7-920 packages in the marketplace and is working to how many and/or where they are being sold. The examples we have seen are not Intel products but are counterfeits. Buyers should contact their place of purchase for a replacement and/or should contact their local law enforcement agency if the place of purchase refuses to help."
Packet Storm Security Latest
· Botan-1.9.4.tgz: Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
· gnupg-2.0.15.tar.bz2: GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
· fwbuilder-4.0.0.tar.gz: Firewall Builder consists of a GUI and a set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco router access lists.
· anantasoft-xsrf.txt: Anantasoft Gazelle CMS suffers from a cross site request forgery vulnerability.
· secunia-etsdisclose.txt: Secunia Research has discovered a security issue in Employee Timeclock Software, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused by the application passing the database password via the command line to the mysqldump utility, which potentially can be exploited to disclose the password via the process list. Version 0.99 is affected.
· secunia-etssql.txt: Secunia Research has discovered some vulnerabilities in Employee Timeclock Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the username and password parameters in auth.php and login_action.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 0.99 is affected.
· notepadpoc.zip: The MS HTML Help control ActiveX is prone to a remote CHM help file hijack vulnerability when applications invoke help. Multiple built-in applications are vulnerable to this. The impact of the vulnerability is the loading of the incorrect CHM help file when it resides in the same directory the application invoking help starts in. This proof of concept exploit leverages Notepad to demonstrate the vulnerability.
· tarcpio-overflow.txt: GNU Tar and GNU Cpio suffer from a heap-based buffer overflow vulnerability. Tar versions prior to 1.23 and Cpio versions prior to 2.11 are affected.