Top 20 of the Last 2 Weeks
|
Torrentreactor breach serves potent exploit cocktail
Posted by l33tdawg on Thursday, July 02, 2009 - 01:30 AM (Reads: 324)
|
Source: The Register (UK)
Torrentreactor has long been regarded as one of the top bit torrent search engines, and with the demise of The Pirate Bay, it's likely bigger than ever. Now, it's been breached and is serving a potent cocktail of exploits to people browsing the site, Websense Security Labs says.
Attackers have managed to inject an iframe into the site that scours Torrentreactor visitors' computers from a long list of vulnerable applications, including Adobe's Reader and Shockwave programs and Microsoft's Internet Explorer and Office Snapshot Viewer. When it finds one, it downloads and runs a malicious file.
According to Websense, the malware has an extremely low detection rate, with just two of 32 anti-virus engines identifying the threat. Once executed, it installs a rootkit on victims' machines.
[   ]
| |
Veracode expands secure mobile applications
Posted by l33tdawg on Thursday, July 02, 2009 - 01:29 AM (Reads: 160)
|
Source: Total Telecom
Veracode Inc., provider of the world’s leading Application Risk Management Platform, today announced expansion of its SecurityReview® cloud-based subscription service to support mobile applications. With more than 100,000 mobile applications already in the market and millions of mobile users accessing critical business data, the security risk posed by these applications is staggering.
Veracode announced immediate availability for Windows Mobile with near term support for other platforms such as RIM BlackBerry, Google Android and Apple iPhone. Veracode’s SecurityReview is the first solution to enable enterprises and software vendors to assess the security risk of mobile applications before they are shipped or deployed to combat the growing number of data breaches and compliance failures.
[ ]
| |
F-Secure: Adobe Still Unpatched as Attacks Rise
Posted by l33tdawg on Thursday, July 02, 2009 - 01:29 AM (Reads: 182)
| |
Source: Internet News
In its quarterly threat update, security company F-Secure warned that many known vulnerabilities remain unpatched, and flaws in popular Adobe software are at the top of that list.
Despite the availability of patches to fix security holes, "statistics from our Health Check application show that during the month of May, one in three computers scanned were vulnerable to an Adobe Reader flaw reported in the month of February," F-Secure said.
The findings mark the latest example of how large numbers of users and system administrators fail to properly update their systems with the latest -- and most secure -- software. In April, a Microsoft study concluded that much of users' problems with infected files stems from not being diligent in updating their software.
[ ]
| |
PostgreSQL 8.4 adds 293 enhancements
Posted by l33tdawg on Thursday, July 02, 2009 - 01:28 AM (Reads: 126)
|
Source: Internet News
The open source PostgreSQL database is out with a new release today that introduces new administration and database features for users. In total, PostgreSQL 8.4 includes 293 enhancements from the previous 8.3 release, an update that was primarily centered around performance.
"There is no performance change [that] affects all users equally across the board," PostgreSQL project core team member Josh Berkus told InternetNews.com. "However, there are several changes with dramatically improve performance for several specific common use cases."
The new PostgreSQL release comes at a critical time in the open source database market, as rival MySQL is about to be absorbed into Oracle as part of its acquisition of Sun.
[ ]
| |
Workaround to re-enable Hulu on the PS3
Posted by l33tdawg on Thursday, July 02, 2009 - 01:27 AM (Reads: 191)
|
Source: Engadget
A few days after blocking PlayStation 3 users, Hulu has yet to respond to questions concerning the change which has only helped to fuel rumors it is related to the Microsoft ad campaign currently featured on the site, but that seems less likely now that we've confirmed it also began blocking the Flash-enabled Skyfire browser on Windows Mobile devices at the same time.
Whatever the cause is, if you prefer a homegrown hack over something like PlayOn or TVersity, Eric over at ypass.net has put together a simple enough walkthrough for creating an "unblockable" workaround by setting up a locally connected PC running Linux or Windows with the freely available Squid proxy server software that will make your PS3 look like appear as a PC running a Firefox (or whatever you prefer) browser to any website that asks.
[ ]
| |
Red Hat Program Certifies Partners to Put Linux on Cloud
Posted by l33tdawg on Thursday, July 02, 2009 - 01:25 AM (Reads: 127)
|
Source: Yahoo! Tech
Red Hat has launched a new partner program to make sure its enterprise Linux and JBoss software are core components of a cloud-computing infrastructure, and to guarantee that Red Hat-based applications will run reliably and safely in the cloud.
The new Premier Cloud Provider Certification and Partner Program unveiled this week certifies cloud-computing providers to offer applications and infrastructure based on Red Hat software, including Red Hat Enterprise Linux (RHEL) and JBoss Java middleware, according to Red Hat.
Amazon Web Services, which already has a technology partnership to run RHEL as part of its Elastic Compute Cloud (EC2) offering, has signed on to become the first Red Hat Premier Cloud Provider Partner.
[ ]
| |
Blizzard Trademarks "Cataclysm" - New Game Or WoW Expansion?
Posted by l33tdawg on Thursday, July 02, 2009 - 01:24 AM (Reads: 195)
|
Source: G4TV
A sneaky Internet sleuth has discovered that Blizzard Entertainment has recently filed for trademarks under the name "Cataclysm" in the computer games, paper-based products, and online entertainment services. Is this an all-new game, a World of WarCraft expansion, or something else entirely?
All signs point to a new World of WarCraft expansion. WoW.com noticed that the domain name "wowcataclysm.com" has just expired from a squatter based in Australia with the URL transferring over to GoDaddy, the same service that handles all of Blizzard's domain names.
[ ]
| |
Suspicions of Insider Trading Surround Pirate Bay Buyers
Posted by l33tdawg on Thursday, July 02, 2009 - 01:18 AM (Reads: 137)
| |
Source: Torrent Freak
Shares in GGF rose dramatically yesterday on the news that the company is set to acquire The Pirate Bay. However, about a week ago equity marketplace Aktietorget shut down trading of GGF’s stock after unusually large trading volumes led to a rapidly increasing stock price, prompting suspicions of illegal trading.
Confidence and trust in the BitTorrent community reached a possible all-time low yesterday as news broke that the world’s largest tracker, The Pirate Bay, would be sold to the corporate Global Gaming Factory X (GGF).
The acquisition for $7.8m (SEK 60 million) came as a huge shock to most people familiar with The Pirate Bay, as GGF promised that when it takes over the site it will eliminate illicit file-sharing - the base upon which The Pirate Bay achieved its worldwide fame and enabled it to gather millions of loyal users.
[ ]
| |
Taiwanese Blank Media Makers to Double Blu-Ray Disc Output
Posted by l33tdawg on Thursday, July 02, 2009 - 01:17 AM (Reads: 107)
| |
Source: X-Bit Labs
Two Taiwan-based optical disc makers plan to rather dramatically increase output of blank Blu-ray discs (BDs) in the second half of the year. Ritek and CMC Magnetics are already among the largest BD makers and further expansion of capacities will allow the companies to strengthen their positions.
Ritek intends to increase production of blank Blu-ray discs from one million per month to two million per month in Q3 2009, whereas CMC Magnetics will add two BD production lines to existing one line on the second half of 2009, reports Chinese-language Economic Daily News paper (which article was partly translated by DigiTimes web-site). As a result, Ritek will increase Blu-ray blank media manufacturing by 100%, whereas CMC will boost the blank BD output by 200%.
[ ]
| |
Child Porn Is Apple’s Latest iPhone Headache
Posted by l33tdawg on Thursday, July 02, 2009 - 01:16 AM (Reads: 292)
|
Source: Wired
A photo ostensibly showing a 15-year-old nude girl has appeared in an iPhone app, highlighting Apple’s inability to safeguard its application store from prohibited content.
The image appears in the free app BeautyMeter, which enables people to upload photos that are then rated by others, who assign a star-rating to each other’s body parts and clothing. It’s much like an iPhone version of Hot or Not and many similar sites.
The photo to the right (censored by Wired.com) depicts a photo of a nude girl snapping a photo of her reflection in a mirror. In the screenshot, the girl, who is listed as a 15-year-old from the United States, is topless and partially nude at the bottom. Nearly 5,000 users of the app have rated the photo. iPhone app review site Krapps discovered the photo.
[ ]
| |
Windows 7 Build 7264 Leaked
Posted by l33tdawg on Thursday, July 02, 2009 - 01:14 AM (Reads: 302)
|
Source: TweakTown
Microsoft seems to be pushing much closer to the RTM of Windows 7 with the latest build that has been leaked on the web.
Windows 7 build 7264 it the first version that no longer uses beta/RC keys. If everything goes well then Microsoft should be right on track for the July 13th release of the RTM.
This should be something that hackers everywhere are jumping on. As is no longer accepts the beta and RC keys, it should also feature the retail activation and hackers everywhere will be dying to claim to be the first to crack it.
[ ]
| |
The Hacker Ethic - Harming Developers?
Posted by l33tdawg on Thursday, July 02, 2009 - 01:13 AM (Reads: 138)
| |
Source: O'Reilly Radar
On Monday Neil McAllister posed the question "is the hacker ethic harming American developers?" Slashdot picked it up and Tim forwarded it to the Radar list. As you might expect, it resulted in some spirited discussion.
James Turner kicked things off with this response (it has been slightly edited from its email form). After James lays out his argument I'll reply with my thoughts. Then we hope to hear from you. Let us know what you think.
[ ]
| |
Website for Indian Institute of Remote Sensing under attack
Posted by l33tdawg on Thursday, July 02, 2009 - 01:12 AM (Reads: 121)
| |
Source: PC1 News
Cyber criminals work hard each day trying to spread their malicious activities, and there are no signs that they are going to stop. On the contrary, they are doing their best to improve their attacks and increase the success of them. This time security experts from Finjan are warning everybody against the hacked 'iirs-nrsa.gov.in' website of India's Institute of Remote Sensing. Cyber criminals are using this website as a malicious code distribution channel.
How does the whole attack occur? And what is the hackers purpose of using it? The attack involves the injection of a script into a website which adds an IFrame to the page. The researchers from Finjan explained that "The IFrame created by this script points to malicious content hosted on a server in Texas armed with the LuckySploit attack toolkit."
[ ]
| |
Bogus Flash Player Dropping BKDR_IRCBOT.BW
Posted by l33tdawg on Thursday, July 02, 2009 - 01:11 AM (Reads: 116)
|
Source: PC1 News
Want to see exclusive videos and photos of Michael Jackson? Then go to your inbox and you'll definitely find some of them there. All you need to do is simply click on the provided link or download an attachment. Quite easy, isn't it... except for the fact that all this is just a part of a hackers' attack aimed at spreading malware. This time, malware by the name of BKDR_IRCBOT.BW is being dropped by another malware called HTML_DLOADR.ARM.
All this malware comes with one (out of many) spam campaign, using the death of Michael Jackson as a lure to trick as many potential victims as possible. The message in this spam is written in Spanish. It is purportedly being sent from CNN Mexico and presents real and accurate information about Jackson's death. The fact that the message itself presents real information adds to the success of this attack.
[ ]
| |
Bulgarian Prime Minister's website defaced
Posted by l33tdawg on Thursday, July 02, 2009 - 01:09 AM (Reads: 127)
| |
Source: Sofia Echo
The official website of Bulgarian Prime Minister Sergei Stanishev appeared to have been hacked and defaced on July 1.
The title of the homepage had been changed to "the officially hacked page" and the page's content was replaced by a text that read; "This site was hacked by several ANGRY, but otherwise normal Bulgarian citizens."
"You have to be extremely stupid and incompetent if you think that your campaign can mislead anyone but the most uneducated. Is that your electorate?" "We have had enough of watching you strip Bulgaria before our eyes, to destroy our natural resources and our reputation as a country."
[ ]
| |
Hackers steal money from Bullitt County account
Posted by l33tdawg on Thursday, July 02, 2009 - 01:08 AM (Reads: 131)
| |
Source: Wave3
Over $400,000 is missing from a bank account for Bullitt County government and authorities are calling it electronic theft.
Greg Schreacke, president of First Federal Savings Bank, said someone was able to get into the county's network. Once inside, the hackers had access to all of the county's computers, user names and password. Schreacke said the group accessed the network from another country and that is how authorities were able to trace it.
"This is a pretty sophisticated group, so there's a high likelihood some of the money is going to be missing. They're the pros at it. However, we're going to get a substantial amount back," said Schreacke.
[ ]
| |
Magic Lantern unofficial camera firmware shows Canon how it's done
Posted by l33tdawg on Thursday, July 02, 2009 - 01:07 AM (Reads: 147)
| |
Source: Gizmag
Canon might want to consider putting a certain Trammell Hudson on the payroll. Hudson has developed an enhancement to the firmware of the Canon 5D Mark II digital SLR camera to make the already impressive camera an even more attractive option for shooting professional video. Dubbed ‘Magic Lantern’, the new firmware includes both audio and video fixes and is a completely open platform, meaning users are free to extend the Magic Lantern firmware themselves.
Since the 5D Mark II’s stock firmware was a little lacking in the audio department, that’s the area that Hudson has targeted with the first release, but there are a few video enhancements as well.
The audio enhancements include on-screen audio meters, manual gain control and disabling of automatic gain control (AGC). Video enhancements include crop marks for filming in different formats (16:9, 2.35:1 and 4:3) and zebra striping for overexposed areas.
[ ]
| |
Feds arrest man behind DDoS attacks against Rolling Stone
Posted by l33tdawg on Wednesday, July 01, 2009 - 12:22 AM (Reads: 333)
|
Source: Computer World
A Pennsylvania man has been charged with allegedly launching distributed denial-of-service (DDoS) attacks against at least nine Web sites, including Rolling Stone magazine's site, which was attacked multiple times for nearly a year.
Bruce Raisley, of Monaca, Pa., has been charged with intentionally causing damage to a protected computer. Raisley, who surrendered to authorities, is scheduled for a court hearing this afternoon in U.S. District Court in Newark, N.J.
According to FBI Special Agent Susan Secco's written account in a criminal complaint, Raisley allegedly launched repeated DDoS attacks against several Web sites for close to a year. All of the sites targeted ran one of two articles about the controversial organization Perverted Justice, which works to identify sexual predators and pedophiles. The group worked with the producers of Dateline NBC's popular To Catch a Predator reality TV show, which aimed to catch adults in the act of contacting minors for sexual liaisons.
[ ]
| |
Computers could soon be heating buildings
Posted by l33tdawg on Wednesday, July 01, 2009 - 12:21 AM (Reads: 206)
|
Source: Computer Weekly
Technology is being tested that allows heat generated by computers to warm offices and homes. IBM has launched a trial in Switzerland that could see the heat produced by large datacentres being recycled to heat offices.
The three-year trial of the Aquarsar system could reduce carbon emissions by 85% because of lower demand for central heating, and less energy being needed to cool processors inside PCs. Datacentres are responsible for a large share of global energy consumption. This is growing as use of the internet grows and developing countries strengthen their technology industries and infrastructures.
The Guardian reported that in 2005 datacentres were responsible for 1% of global electricity consumption - double the figure of five years earlier. The figure is thought to be rising rapidly but it is not totally clear by how much because companies often will not disclose how many datacentres they run and how much energy they use.
[ ]
| |
Google unveils new ‘Twitter phone’
Posted by l33tdawg on Wednesday, July 01, 2009 - 12:19 AM (Reads: 229)
|
Source: Net Imperative
Google has launched a new mobile phone that links Twitter and Facebook updates to a user's contact book. Google has launched a new mobile phone that links Twitter and Facebook updates to a users contact book.
The HTC Hero, which runs on Google's Android platform, is aimed at rivalling recent smartphones such as Apple’s new iPhone 3Gs and Nokia's N97 phone. The Hero lets users to view their Twitter messages on their homescreen and see friends' online updates alongside their contact details.
[ ]
| |
|
Last 15 Postings to HITB Forum
Packet Storm Security Latest
· opialaid-sql.txtOpial version 1.0 suffers from a remote SQL injection vulnerability.
· glsa-200907-02.txtGentoo Linux Security Advisory GLSA 200907-02 - Two vulnerabilities in ModSecurity might lead to a Denial of Service. Versions less than 2.5.9 are affected.
· glsa-200907-01.txtGentoo Linux Security Advisory GLSA 200907-01 - libwmf bundles an old GD version which contains a use-after-free vulnerability. The embedded fork of the GD library introduced a use-after-free vulnerability in a modification which is specific to libwmf. Versions less than 0.2.8.4-r3 are affected.
· rentventory-sql.txtRentventory PHP suffers from multiple remote SQL injection vulnerabilities.
· petite-sql.txtThis paper is a small SQL injection tutorial and is written in French.
· oCERT-2009-009.txtCamlImages versions 2.2 and below suffer from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing, the read_png_file and read_png_file_as_rgb24 functions do not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability.
· USN-795-1.txtUbuntu Security Notice USN-795-1 - It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.
· USN-794-1.txtUbuntu Security Notice USN-794-1 - It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service.
Topics
· All topics
· AMD News (Jun 04, 2009)
· Apple News (Jul 02, 2009)
· Articles (Mar 03, 2009)
· Ask Us (Feb 01, 2003)
· Audio/Video (Jul 02, 2009)
· Encryption (Jun 26, 2009)
· Games (Jul 02, 2009)
· Hardware (Jul 01, 2009)
· HITB News (Apr 15, 2009)
· Industry News (Jul 02, 2009)
· Intel News (Jun 29, 2009)
· Law and Order (Jul 01, 2009)
· Linux (Jul 01, 2009)
· Microsoft (Jul 02, 2009)
· Networking (Jun 27, 2009)
· PDAs (Feb 09, 2007)
· Privacy (Jun 30, 2009)
· Red Hat (Jul 02, 2009)
· Science (Jun 23, 2009)
· Security (Jul 02, 2009)
· Software & Programming (Jul 02, 2009)
· Spam (Jun 11, 2009)
· Technology (Jul 01, 2009)
· Transmeta (Jul 07, 2007)
· Viruses & Malware (Jul 02, 2009)
· Wireless (Jun 29, 2009)
Follow us
Join our Facebook Group 
Follow us on Twitter 
Follow our RSS feed 
|
An informal tool