http://conference.hackinthebox.org/hitbsecconf2010kul/



hackinthebox

Top Stories for Today
[539] How to Design a Secure DMZ
[464] German ID cards hacked by the CCC
[395] Malware hosted on Google Code project site
[304] How Google attacks changed the security game
[303] Apple's elephant in the cloud
[264] Russian cops cuff 10 ransomware Trojan suspects
[261] Algerian Hackers Attack Wrong Website
[255] Apple's iOS 4.1 ships Sept. 8
[252] US undergrads crash NASA satellite into Arctic
[248] Feds crack phone clone scam that cost Sprint $15m
[230] PSJailbreak code leaked online
[229] How Your Cloud Dream Is Becoming a Security Nightmare
[220] Heartland to pay Discover $5M for 2008 data breach
[209] Malaysian National Institute of Public Administration suffers cyber attack
[190] China demands real names from mobile phone users
[185] DARPA launches insider threat detection effort for military
[175] VMWare Sees Big Business In Becoming The Internet Operating System
[157] Windows Phone 7: Done


Past Articles
Wednesday, September 01
·Moscow police investigate alleged ransomware gang
·Novell rolls cloud-security service
·More IT managers plan to spend less, survey finds
·Twitter Turns to OAuth for Application Authentication
·Verizon Uses VMware for Enterprise Cloud Service
·Five Things You Need To Know About IPv6
·iPhone 4 with New Antenna Coming Soon?
·Mark Zuckerberg fights to keep life private
·Android Tablet flood is imminent
·Hackers Steal $600,000 from Catholic Diocese
·Pirate Bay secures documentary funding from fans in just 3 days
·Darpa’s Star Hacker Looks to WikiLeak-Proof Pentagon
·Hackers Focus on Misconfigured Networks, Survey Finds
·Australian ban on PS3 hack extended to September 3
·Apple to offer live video stream of Wednesday's keynote
·US finally reforming its high-tech export control system
Tuesday, August 31
·Wikileaks moves servers to an underground nuclear bunker
·Indian e-voting critic released on bail
·Skype might be bought by Cisco
·Commonwealth Bank of Australia security upgrade causes ATM outage
·Google aims to wipe smile off Facebook
·Will Intel's Sandy Bridge pose a threat to discrete GPUs?
·3M to buy security firm Cogent for $943 million
·Microsoft to build giant data center
·Apple still hasn't fixed iPhone 4 proximity sensor bug
·7 skills every IT manager needs to survive the 2010s
·Intel buys wireless chip tech in mobile-phone push
·Hackers Port Android to Nokia Phones
·Old Apple QuickTime code puts IE users in harm's way
·India Could Face Onslaught of Pakistani Hackers, Say Intelligence Officials

20 Latest Articles with Comments


Firefox Add-on Blocks 'Clickjacking' Attacks
Posted by l33tdawg on 2008-10-11 01:30:34 (Reads: 2635)
Source: PC World



A popular Firefox add-on designed to block scripts and plug-ins has been updated to stymie the new "clickjacking" class of attacks, the extension's developer said Thursday. The latest version of NoScript, a free extension for Mozilla Corp.'s Firefox browser, now boasts something that Italian developer and security researcher Giorgio Maone calls "ClearClick" to protect users from clickjacking attacks.

"Rather than relying on frame/plug-in blocking, which were already available, I decided to move on and add a brand new feature, developed from scratch, for people who couldn't bear blocking frames outright," said Maone in an interview conducted via instant messaging.

In a blog post earlier this week, Maone spelled out what ClearClick does in greater detail. "Whenever you click or otherwise interact, through your mouse or your keyboard, with an embedded element which is partially obstructed, transparent or otherwise disguised, NoScript prevents the interaction from completing and reveals [to] you the real thing in 'clear,'" he said.

Total Comments: 1
Latest Comment: Re: Firefox Add-on Blocks 'Clickjacking' Attacks

Estonian hacker pleads not guilty to bilking cash
Posted by l33tdawg on 2010-08-09 00:58:50 (Reads: 4550)
Source: AFP



An extradited Estonian hacker has pled not guilty to bilking the Royal Bank of Scotland of nine million dollars in a single day by tampering with its payroll debit cards around the world, US officials have said.

Sergei Tsurikov, 26, was extradited from Estonia on charges he and a team of young hackers committed wire and computer fraud and aggravated identity theft, which could land him in jail for up to 35 years and a fine of up to 3.5 million dollars.

The US Justice Department said Tsurikov and his people in November 2008 managed to break into the US-based RBS WorldPay site, which handles payroll debit cards used by various companies to pay their employees, who then can draw their wages from an automated teller machine, or ATM.

Total Comments: 6
Latest Comment: ugg adirondack

Android app Tapsnake, secretly uploads GPS data
Posted by l33tdawg on 2010-08-17 01:46:18 (Reads: 756)
Source: The Register (UK)



Researchers from anti-virus provider Symantec have outed a gaming application in Google's Android Market that tracks users' whereabouts so they can be secretly monitored in real time.

The free app is known as Tapsnake, which bills itself as an Android variation of a video game that has been around for three decades. What the description doesn't say is that every 15 minutes, the app uploads the user's GPS coordinates to a server that can be monitored by people running a separate $4.99 app known as GPS Spy, which is made by the same developer shop.

“GPS Spy then downloads the data and uses this service to conveniently display it as location points in Google Maps,” the Symantec advisory warns. “This can give a pretty startling run-down of where someone carrying the phone has been.” Tapsnake has been downloaded from 1,000 to 5,000 times, while GPS Spy has 100 to 500 downloads.

Total Comments: 1
Latest Comment: mac cosmetics outlet

Black Hat convention hype hurts the enterprise risk management process
Posted by l33tdawg on 2010-08-09 01:11:37 (Reads: 4734)
Source: Tech Target



For a few weeks in 1982, I was convinced that space aliens were outside my house. I had irrefutable evidence: strange lights, odd noises, and the like. Of course, the lights were the neighbor's pool, and the noises were the wind. I was just a child, caught up in the hysteria of having just watched the movie Alien on cable a few nights before. I eventually grew up and accepted the reality that aliens were not going to eat me.

Sometimes when I look at the security industry, I see a lot of children, quivering in their beds, sure that malicious hackers are going to eat them. The story is similar: Some "133t" hacker at Black Hat or Defcon demonstrates the latest vulnerability and the audience "oohs" and "ahhs." In the flash of a blog post, media fire up the hysteria engines and the hyperbole begins. "ATM machines are no longer secure!" "Is your money safe?" "Will terrorists take down the power grid?"


The frustrations of Sony's PS3 firmware
Posted by l33tdawg on 2010-08-09 01:27:27 (Reads: 4837)
Source: Arstechnica



When it comes to high definition, multiplatform console games, you have a choice: you can go Sony or you can go Microsoft. Frankly, I'm starting to think even Sony wants you to choose Microsoft. Why does it feel like I'm being punished every time I try to play a game on my PlayStation 3?

The last time I tried to play a game on the console, I was forced to download a mandatory update, which added a feature I didn't care about. (The update gave Sony the ability to suggest things to me. Gee, thanks.) The process took 30 minutes.

Then I had to actually download the game from the PlayStation Store, which took an amazingly long time compared to what I'm used to from Xbox Live or Steam. When I saw just how slowly the download was moving, I was tempted to buy it on the Xbox 360 with my own money instead of using the review code supplied to Ars, but I persevered.

Total Comments: 1
Latest Comment: Re: The frustrations of Sony's PS3 firmware

Hacker attack circled globe, FBI says
Posted by l33tdawg on 2010-08-09 01:42:31 (Reads: 4857)
Source: Freep



In November 2008, with the nation transfixed by a presidential election and a collapsing economy, a group of international hackers infiltrated the computer network of a major financial services company in what authorities describe as one of the most sophisticated attacks ever concocted.

Their work was furtive and impressive: Around the time Barack Obama was securing his White House win, the hackers entered RBS WorldPay servers, accessed prepaid payroll card numbers, cracked their encrypted PIN codes, raised the balances on the cards and distributed dozens of them to a team of people around the world.

Then, in the span of 12 hours around Nov. 8 of that year, the group hit 2,100 ATM terminals in 280 cities spanning the world, from the U.S. to Russia to Italy to Japan. Prosecutors say they withdrew $9 million -- a haul that rivals 1,000 typical bank robberies in the U.S.

Total Comments: 3
Latest Comment: Re: Hacker attack circled globe, FBI says

Apple's head of iPhone engineering out after 'Antennagate'
Posted by l33tdawg on 2010-08-09 01:28:45 (Reads: 5093)
Source: PC World (NZ)



Many felt Apple botched its initial response to the problem when it told users to buy a case or hold the iPhone 4 without touching a small gap on the lower left side of the phone.

Patrick Kerley, senior digital strategist with Levick Strategic Communications, a Washington, DC-based crisis management firm, said Apple had been caught flat-footed by the mess, and gave the company only a "C" grade for its handling of the problem.

Although not especially noted at the time, Papermaster was not on stage at Apple's July 16 press conference. Instead, Mansfield, the executive Apple said would assume Papermaster's responsibilities, joined Jobs and Tim Cook, the company's chief operating officer, to take questions from reporters.


'Porn mode' not necessarily anonymous
Posted by l33tdawg on 2010-08-09 01:43:07 (Reads: 5146)
Source: CNet News



The private browsing options provided by the four major Web browser publishers aren't as anonymous and secure as most users might think, researchers at Stanford University's Computer Science Security Lab said in a new paper to be published next week at the Usenix Security Symposium.

In tests comparing the anonymity and security of the private browsing modes in Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, the paper concludes that "current private browsing implementations provide privacy against some local and Web attackers, but can be defeated by determined attackers."

Total Comments: 2
Latest Comment: Re: 'Porn mode' not necessarily anonymous

Mozilla plans to silently update Firefox
Posted by l33tdawg on 2010-08-09 01:20:40 (Reads: 5342)
Source: Computer World



Taking a page from rival Google's playbook, Mozilla plans to introduce silent, behind-the-scenes security updating to Firefox 4.

The feature, which has gotten little attention from Mozilla, is currently "on track" to make it into the final version of Firefox 4, the major upgrade slated to ship before the end of the year. Mozilla has released two beta previews of Firefox 4 in the last four weeks, and has set a third beta for next week.

Firefox 4's silent update will only be offered on Windows, Mozilla has said. Most updates, including all security updates, will be downloaded and installed automatically without asking the user or requiring a confirmation, said Alex Faaborg, a principal designer on Firefox.

Total Comments: 3
Latest Comment: Re: Mozilla plans to silently update Firefox

Network admin Terry Childs gets 4-year sentence
Posted by l33tdawg on 2010-08-09 01:44:35 (Reads: 5412)
Source: Computer World



A City of San Francisco administrator who refused to hand over administrative passwords to the city's network was sentenced to four years in state prison Friday.

Terry Childs was convicted in April of violating California's hacking laws after he refused to hand over administrative control to the city's FiberWAN network in July 2008.

He was sentenced Friday by Judge Teri Jackson, according to Erica Derryck, a spokeswoman for the San Francisco district attorney's office. Although the city's network continued to run during the 12 days that Childs refused to hand over control, jurors found that by denying the city the administrative control to its own network, he had violated state law.

Total Comments: 6
Latest Comment: Re: Network admin Terry Childs gets 4-year sentence

RIM seals BlackBerry deal in Saudi Arabia
Posted by l33tdawg on 2010-08-09 01:18:14 (Reads: 5681)
Source: THINQ (UK)



Canada's Research In Motion has reached a preliminary agreement with Saudi Arabia's telecom watchdog and mobile phone operators to set up a server in the country to handle BlackBerry data, according to reports.

"A preliminary agreement has already been reached and a formal deal between the parties is in the final stages of negotiations," an official at a Saudi-based telecom operator apparently involved in the talks told the Wall Street Journal.

The Middle Eastern kingdom has some 700,000 BlackBerry users, but some of the services they use can't be monitored by Saudi authorities because the data is held offshore. This had them miffed and threatening to ban the device. The United Arab Emirates, several other countries in the Middle East, and India have similar concerns.

Total Comments: 4
Latest Comment: Re: RIM seals BlackBerry deal in Saudi Arabia

WikiLeaks - we'll carry on posting
Posted by l33tdawg on 2010-08-09 01:16:13 (Reads: 6793)
Source: THINQ (UK)



One of the operators of whistle-blowing website WikiLeaks said its work will go on, despite pressure from U.S. military sources worried about what can of worms the site will open up next.

"I can assure you that we will keep publishing documents - that's what we do," a WikiLeaks spokesman, who goes by the name of Daniel Schmitt, told The Associated Press in an interview. Schmitt claimed that WikiLeaks' recent publication of classified documents about the Afghanistan war was adding to the general public's understanding of the conflict.

"Knowledge about ongoing issues like the war in Afghanistan is the only way to help create something like safety," Schmitt said. "Hopefully with this understanding, public scrutiny will then influence governments to develop better politics."

Total Comments: 1
Latest Comment: Re: WikiLeaks - we'll carry on posting

Assessing threat of online theft vs. cyber war
Posted by l33tdawg on 2010-08-23 00:00:00 (Reads: 332)
Source: Washington Post



There's a lot of talk about the threat of cyber war these days -- the Pentagon has even stood up a new Cyber Command to unite defensive and offensive cyber capabilities -- but the more serious threat to the country may be the theft of intellectual property from computer networks, says the Pentagon's second in command.

It's less dramatic than the prospect of a hacker bringing down the power grid or sabotaging a nuclear power plant, but, "it may be the most significant cyberthreat that the United States will face over the long term," says Deputy Defense Secretary William J. Lynn III in a forthcoming article on the "Pentagon's Cyberstrategy" he wrote for Foreign Affairs.

Framing the policy debate in these terms could help focus efforts where they would bear most fruit, and help policymakers prioritize how they spend cyber dollars. "Every year, an amount of intellectual property many times larger than all the intellectual property contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government agencies," Lynn wrote in the upcoming September/October issue.

Total Comments: 1
Latest Comment: Re: Assessing threat of online theft vs. cyber war

Google pays $10k to patch Chrome bugs
Posted by l33tdawg on 2010-08-23 00:00:00 (Reads: 324)
Source: Top Tech Reviews



This week Google released the newest version of the Google Chrome web browser, and the fixes included memory corruption, address bar spoofing and browser crashes. Google turned to the best digital bounty hunters on the web to help find what needed fixing, and the group did not disappoint, while the cost of the fixes came to a cool $10,000. The list of bugs that were found in the Chrome browser, with the corresponding bounty, includes:

[$500] High Memory corruption with SVGs. Credit to wushi of team509.
[$500] High Bad cast with text editing. Credit to wushi of team509.
[$1000] High Possible address bar spoofing with history bug. Credit to Mike Taylor.
[$2000] High Memory corruption in MIME type handling. Credit to Sergey Glazunov.
[$1337] Critical Crash on shutdown due to notifications bug. Credit to Sergey Glazunov.
[$1000] High Memory corruption with Ruby support. Credit to kuzzcc.
[$1000] High Memory corruption with Geolocation support. Credit to kuzzcc.

Unlike Google and Mozilla, which pay bounty hunters to take a look at their products to find bugs that need fixing, Microsoft has made an announcement that it has NO plans to ever pay for hackers finding bugs. The patches for the Chrome browser have been listed as “critical” and were in need of attention in short order. In addition to the fixes listed, there was also a workaround issued for an external Windows kernel bug.

Total Comments: 1
Latest Comment: Re: Google pays $10k to patch Chrome bugs

'Halo: Reach' leaked ahead of release
Posted by l33tdawg on 2010-08-23 00:00:00 (Reads: 420)
Source: Digital Spy (UK)



Halo: Reach has been leaked ahead of release.

Microsoft had recently posted the game on the Xbox Live Marketplace for reviewers to download; however, a group of hackers has managed to bypass security and acquire the title.

Microsoft has released a statement saying it is investigating the matter, although the hackers have said there are no plans to release the code publicly. "We are aware of claims being made regarding a security exploit related to Halo: Reach and are aggressively investigating the matter," a spokesperson told IGN.

Total Comments: 1
Latest Comment: Re: 'Halo: Reach' leaked ahead of release

AMD says future of GPUs is secure
Posted by l33tdawg on 2010-08-10 04:17:49 (Reads: 503)
Source: PCR Online



AMD has said that it plans to continue GPU development after the company's Fusion range of combined CPU/GPU chips appear.

Writing on the AMD blog, AMD client technology unit director Godfrey Cheng wrote "I believe that the best days of the GPU are ahead of it," before citing new Mercury research indicating that the Intel and Nvidia competitor is now the market leader in discrete graphics and stating that the company intends to expand the lead further.

The new range of Fusion APUs will be pitched at "reducing power consumption and cost" rather than out-and-out performance, said Cheng. "In so doing we chose a level of graphics performance lower than that provided by our highest end discrete GPUs."

Total Comments: 1
Latest Comment: Re: AMD says future of GPUs is secure

French radio stumbles over podcasting
Posted by l33tdawg on 2006-12-13 02:10:36 (Reads: 868)
Source: PC World (New Zealand)



French radio presenters have a problem with podcasting -- but it's nothing to do with technology, bandwidth or copyright. No, the problem they have is with the word itself. Podcasting, you see, isn't French. Defending the language from foreign invasion is something of a cause célèbre in France, it has to be said, but the disdain for podcasting is not about national pride: it's about being understood. If listeners can't tell what they're being offered, they're unlikely to head for the station's Web site to subscribe to new feeds.

Total Comments: 2
Latest Comment: Re: French radio stumbles over podcasting

Mideast Internet usage grows 480%
Posted by l33tdawg on 2007-01-17 06:15:59 (Reads: 1485)
Source: Gulf Today



Internet usage in the Middle East has witnessed a substantial increase of 480 per cent since 2000-'01, said a press statement. To capitalise on this, VeriSign Inc., a leading provider of intelligent infrastructure for the networked world, has opened its first Middle East office in Dubai and appointed Neil Batstone as Territory Manager. The company's presence will enable it to protect interactions across voice and data networks in the Middle East, while improving service to its existing customers in the region, previously serviced from VeriSign's EMEA headquarters in Geneva, Switzerland. Batstone, with over five years' experience working in the Middle East and ten years in the security and telecommunications industry, will build a team of local sales and technical support staff. VeriSign expects staffing levels to ramp up quickly as the Dubai operation grows to meet increasing regional customer demand.

Total Comments: 2
Latest Comment: Re: Mideast Internet usage grows 480%

FAA to Propose Security Cameras on Planes
Posted by l33tdawg on 2005-09-21 00:39:46 (Reads: 1268)
Source: Star Tribune



The latest post-Sept. 11 security change for commercial planes may be cameras in the cabin and wireless devices for flight attendants to alert the cockpit crew to an emergency. The Federal Aviation Administration plans to propose those ideas Wednesday and then take public comment before deciding whether to mandate the changes, The Associated Press has learned.

The plan is to give pilots a better idea of what's happening in the cabin. The Sept. 11 hijackers gained access to the flight deck after attacking flight attendants in the cabin. "The purpose of monitoring is to identify anyone requesting entry to the flight deck and to detect suspicious behavior or potential threats," the FAA said in a notice to be published on Wednesday.

Airlines would have the option of using other ways to meet the requirement. Peepholes could be installed in the cockpit door, for example. Flight attendants could key the existing crew alert systems in a specific way to alert pilots of a security breach or unusual behavior.

The Allied Pilots Association, which represents American Airlines pilots, supports the idea of using cameras to monitor passengers. "Pilots have no way of knowing what's going on behind the door," said Capt. Denis Breslin, spokesman for the organization.

Total Comments: 1
Latest Comment: Re: FAA to Propose Security Cameras on Planes

Russian spy worked at Microsoft
Posted by l33tdawg on 2010-07-15 08:52:33 (Reads: 770)
Source: The Inquirer



One of the Russian spies recently uncovered in the farcical cold war throwback was for a time a Microsoft employee.

According to the Washington Post, Alexey Karetnikov was working at the Microsoft campus outside Seattle, Washington. He is the 12th person to have his collar felt on allegations of spying, but the US authorities could only charge him with immigration violations. As a result, he was merely deported back to Russia.

A Microsoft spokesman, Lou Gellos, confirmed Karetnikov had a job as a software tester at the company for nine months.

"He was just in the early stages; [he] had just set up shop," a US federal officer told the Post. The alleged Russian sleeper agents, who apparently only gathered data they could've found down the back of the Internet, are now being debriefed by Russian intelligence in Moscow.

Total Comments: 3
Latest Comment: Re: Russian spy worked at Microsoft


Packet Storm Security Latest
· nullconGoa2011-CFP.txt
The Call For Papers for nullcon Dwitiya 2.0 is now open. It takes place February 25th through the 26th, 2011 in Goa, India.
· amirocmsfaq-xss.txt
Amiro.CMS version 5.8.4.0 suffers from a stored cross site scripting vulnerability.
· advanced-xss.pdf
Whitepaper called Advanced XSS. Written in Arabic.
· moaub01-cpanel.pdf
Month Of Abysssec Undisclosed Bugs - Cpanel suffers from a PHP restriction bypass vulnerability. Versions 11.25 and below are affected.
· moaub01-adobe.pdf
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash Player suffer from a newclass invalid pointer vulnerability.
· MDVSA-2010-168.txt
Mandriva Linux Security Advisory 2010-168 - A double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code; some sources refer to this as a use-after-free issue. The updated packages have been patched to correct this issue.
· ZSL-2010-4961.txt
LEADTOOLS version 16.5.0.2 suffers from buffer overflow, integer overflow and denial of service vulnerabilities related to Active-X Common Dialogs.
· cpanelcp-xss.txt
cPanel Customer Portal suffers from a cross site scripting vulnerability.

Page created in 0.814207077026 seconds.