Boomerang attack against AES better than blind chance
Posted by l33tdawg on Friday, July 03, 2009 - 01:11 AM (Reads: 42)
Source: The Register (UK)
Cryptographic researchers have uncovered a chink in the armour of the widely used AES algorithm. The attacks pose no immediate threat to the security of AES, but they do illustrate a technique for extracting keys that is better than simply trying every possible key combination.
Instead of such a brute force approach, the researchers have derived a technique based on "finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle". Collisions in cryptographic functions happen when two different inputs produce the same output.
The approach, in this case, can be used to infer clues about the key used by the AES encryption cipher. AES is an encryption standard recently adopted by the US government, and widely used commercially as a result.
Jay Leno wins cybersquatting case
Posted by l33tdawg on Friday, July 03, 2009 - 01:11 AM (Reads: 36)
Source: MSNBC
Comedian and talk show host Jay Leno has won a cybersquatting case against a Texas man found by a U.N. agency to have misused the domain name thejaylenoshow.com to direct Internet users to a real estate website.
In a ruling issued on Thursday, the World Intellectual Property Organization (WIPO) said Leno had common law trademark rights to his name after a 30-year career in entertainment, even though Guadalupe Zambrano registered the site in 2004.
Furthermore, real estate agent Zambrano did not have any legitimate rights to the disputed web address and had registered it in "bad faith," according to the ruling by William Towns, an independent arbitrator appointed by the Geneva-based agency.
Bing searches to include Twitter results
Posted by l33tdawg on Friday, July 03, 2009 - 01:10 AM (Reads: 28)
Source: v3.co.uk
Microsoft has announced a new feature for its Bing search service, which will allow users to receive information on Twitter posts. The new service generates results from thousands of "carefully selected" Twitter users, according to Microsoft, including its own employees, search experts, bloggers and personalities such as Al Gore.
"Today we are unveiling an initial foray into integrating more real-time data into our search results, starting with some of the more prominent and prolific Twitterers from a variety of spheres," wrote Sean Suchter, general manager at Microsoft's Search Technology Center, in a blog post.
"This includes tweets from folks from our own search technology and business sphere, like Danny Sullivan or [technology columnist] Kara Swisher, as well as those from spheres of more general consumer appeal like Al Gore or [American Idol host] Ryan Seacrest."
Michael Jackson hackers hijack Sydney website
Posted by l33tdawg on Friday, July 03, 2009 - 01:09 AM (Reads: 57)
Source: stuff.co.nz
A Sydney radio show has been caught up in a global Michael Jackson spam storm, after its website was hijacked in a bid to infect users with malware.
Cyber criminals hacked into the web server of Beatz Radio, a weekly dance music show that airs on Friday nights on FM 99.3, and used the site to host a file that purported to be unseen videos and pictures of Jackson. But the file was actually a password-stealing trojan that surreptitiously loads itself on to the victim's computer and sends back to the hackers a log of every keystroke made.
Links to the bogus YouTube clip were then sprayed out across the world as part of an email spam campaign that sought to exploit the immense interest in Jackson following his death. But Beatz Radio chief Tim Little had no idea until he was contacted by AusCERT, the national Computer Emergency Response Team for Australia.
London Stock Exchange Drops Windows System
Posted by l33tdawg on Friday, July 03, 2009 - 01:08 AM (Reads: 36)
Source: PC World
Anyone who was ever fool enough to believe that Microsoft software was good enough to be used for a mission-critical operation had their face slapped this September when the LSE (London Stock Exchange)'s Windows-based TradElect system brought the market to a standstill for almost an entire day. While the LSE denied that the collapse was TradElect's fault, they also refused to explain what the problem really was. Sources at the LSE tell me to this day that the problem was with TradElect.
Since then, the CEO that brought TradElect to the LSE, Clara Furse, has left without saying why she was leaving. Sources in the City, London's equivalent of New York City's Wall Street, tell me that TradElect's failure was the final straw for her tenure. The new CEO, Xavier Rolet, is reported to have immediately decided to put an end to TradElect.
Court Orders Spammers To Give Up $3.7 Million
Posted by l33tdawg on Friday, July 03, 2009 - 01:07 AM (Reads: 36)
Source: Dark Reading
A U.S. district court has ordered key players in an international spam ring to give up $3.7 million that they made by sending out illegal email messages pitching bogus hoodia weight-loss products and a "human growth hormone" pill they claimed reversed the aging process.
In a Federal Trade Commission law enforcement action, the court found that the five defendants, located in Canada and St. Kitts, violated the FTC Act and the CAN-SPAM Act by participating in the spam operation. The court order bars the defendants from violating the CAN-SPAM Act and from making false or unsubstantiated claims about the health benefits of any food, drug, or dietary supplement.
What to Look for in Online Backup
Posted by l33tdawg on Friday, July 03, 2009 - 01:07 AM (Reads: 46)
Source: PC World
As services become robust enough to support business networks, more businesses are considering online backup for their critical data. Some important factors to consider before making the leap:
Security: Make sure your provider is able to offer detailed information about how data is transferred to and from the backup site, and how security is guaranteed at the backup location. Reputable online backup services will include strong file encryption and access-control standards.
Availability: Find out how long it takes to restore data if it’s lost and whether there are different levels of availability for different types of data. You’ll want to know exactly how long it will take to get your most critical data back online in the event of a failure.
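The "strong file encryption" point above is worth making concrete. The following is an added example, not code from the PC World piece or from any backup vendor: it seals each file on the client with AES-256-GCM before upload, so the provider can neither read the data nor alter it without the restore failing, and it binds the file's backup path into the authenticated data so a blob that has been moved or swapped in the provider's store is rejected. The blob layout (nonce || ciphertext || tag), the key handling and the sample file are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Added example (not from the article or any backup product).
// Blob layout, an assumption of this example:
//   nonce (12 bytes) || ciphertext || GCM tag (16 bytes)

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForBackup seals plaintext under key and binds it to the backup path
// via the GCM associated data. The provider only ever sees the returned blob.
func EncryptForBackup(key []byte, path string, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to the nonce, producing the layout above.
	return aead.Seal(nonce, nonce, plaintext, []byte(path)), nil
}

// DecryptFromBackup opens a blob restored from the provider. Any change to the
// nonce, ciphertext, tag or path fails the tag check and returns an error.
func DecryptFromBackup(key []byte, path string, blob []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns+aead.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], []byte(path))
}

func main() {
	// The key must live with the customer (passphrase-derived or in a local
	// key store), never with the backup provider.
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	// Constructed sample file for the demonstration.
	plaintext := []byte("employee,salary\nalice,100000\n")
	blob, err := EncryptForBackup(key, "finance/payroll.csv", plaintext)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes for %d bytes of plaintext\n", len(blob), len(plaintext))

	if _, err := DecryptFromBackup(key, "finance/payroll.csv", blob); err == nil {
		fmt.Println("restore under the original path: OK")
	}
	if _, err := DecryptFromBackup(key, "public/readme.txt", blob); err != nil {
		fmt.Println("restore under a different path: rejected:", err)
	}
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)/2] ^= 0x01 // flip one ciphertext bit
	if _, err := DecryptFromBackup(key, "finance/payroll.csv", tampered); err != nil {
		fmt.Println("restore of a modified blob: rejected:", err)
	}
}
```

When asking a provider how "security is guaranteed", the questions this example answers are the ones to put to them: where the key lives, whether the cipher mode authenticates as well as encrypts, and whether a restored file is bound to its identity. Random 96-bit GCM nonces are fine for a modest number of files per key; a backup set with many millions of objects should use a per-file key.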
How to Improve IT Cyber-Security with Visual Analytics
Posted by l33tdawg on Friday, July 03, 2009 - 01:06 AM (Reads: 44)
Source: eWeek
Data visualization has been around for decades, but modern desktop computers finally possess the power to turn raw data into interactive displays for analysis, enabling computer security analysts to use visual analytics techniques to solve daily problems.
Although many other tools exist to assist organizations with computer security—from intrusion detection and prevention systems to firewalls and anti-virus applications—none of these solve the data overload problem as effectively as visual analytic software. This is because the problem central to data analysis is an effective reduction of false positives and superfluous data, while preserving important information (sometimes called "improving the signal-to-noise ratio").
Visual analytics allows analysts to interactively apply a wide variety of tools to make important data pop out of the abyss and become instantly understandable. In essence, visual analytics reduces the time taken to convert information to knowledge by an order of magnitude or better.
Will security paranoia kill wireless health IT?
Posted by l33tdawg on Friday, July 03, 2009 - 01:05 AM (Reads: 31)
Source: ZDNet (Healthcare)
Frost & Sullivan is out with a piece praising the potential of wireless technologies in health IT, but warning of security concerns.
Yesterday’s piece about WellAWARE is a good example of what’s possible. Short-haul wireless links monitor patients without their having to wear anything. Cellular phone calls can alert caregivers to problems, and wireless data links can offer specifics.
Without wireless technologies such miracles would not be possible. But paranoia over security could kill such applications in the crib. Frost & Sullivan’s wireless analysts can come up with all the scary scenarios they want, but where is the real danger?
New Energy Star 5.0 Specifications Initiated
Posted by l33tdawg on Friday, July 03, 2009 - 01:04 AM (Reads: 26)
Source: Maximum PC
It was on July 20, 2007 that the Energy Star 4.0 computer specifications came into effect, which was most notable for including requirements for power supplies that met the standards of the 80 PLUS program. As of yesterday, all around requirements have become a little more strict as the new Energy Star 5.0 specs go into effect.
Any computer product (game consoles not included) manufactured on or after July 1, 2009 must meet the Version 5.0 requirements to qualify for the Energy Star certification, even if models were originally qualified under the 4.0 specifications. Making it a little tougher this time around, a computer's power supply must have an 85 percent minimum efficiency at 50 percent of the rated output and 82 percent minimum efficiency at 20 percent and 100 percent of rated output.
Conficker: Forgotten but not Gone
Posted by l33tdawg on Friday, July 03, 2009 - 01:04 AM (Reads: 30)
Source: Yahoo! Tech
Conficker may not dominate the headlines any longer, but it's still going strong, according to Trend Micro's Malware Blog and stats from the Conficker Working Group.
The worm/botnet grabbed plenty of attention earlier this year, and I wrote plenty about it myself. Part of that focus came from its giant infection rate, part from its sophisticated techniques, and part was pure hype. And after a ballyhooed April Fools' Day threat came and went with little incident, it seemed to largely vanish from the public eye.
But it didn't go away. According to stats from the Conficker Working Group, the number of unique IPs seen infected with the first two Conficker variants has bounced around some, but has generally risen since the end of May. On 5/31 it was at 3.7 million. On 6/29, it was 5.1 million.
The EU does away with a cell phone tax
Posted by l33tdawg on Friday, July 03, 2009 - 01:03 AM (Reads: 31)
Source: Gadgetell
Recently, the EU was in discussion about a possible cell phone tax in Europe, which would pretty much affect everyone who wished to purchase a phone. Of course, big cell phone manufacturers such as Nokia and Sony Ericsson protested such a tax because their sales would fall.
Currently, the EU is based in Sweden, and after a vote was held in a meeting yesterday, it was clear what the public wanted. The vast majority of the EU members voted for duty-free cell phones. As you can imagine, cell phone sales are already falling in Europe due to bad economic times, and a higher tax would only have made sales fall further.
Back in December, the EU searched for a way to differentiate these “multi-functional devices” we call cell phones. They came up with two pretty broad categories - cell phones with TV reception, and cell phones with GPS navigation. Basically, any phone with TV receivers would have been slapped with a 14% tax, while phones with GPS navigation would have been slapped with a 3.7% tax.
Mozilla slates first Firefox 3.5 patch
Posted by l33tdawg on Friday, July 03, 2009 - 01:03 AM (Reads: 25)
Source: Network World
Mozilla will patch the just-released Firefox 3.5 in the next few weeks to stamp out several bugs that went unfixed in the final version of the browser, the company said Tuesday.
Firefox 3.5.1, which Mozilla intends to deliver in mid-to-late July, will include fixes for at least three bugs and "topcrashes," the term the company uses to describe the frequently-reported crashes. Like many applications, Firefox asks users to report crashes by displaying a prompt after the browser goes down.
"[The] goal of this release should be a quick turnaround that fixes topcrashes and bugs we almost held ship for," Mozilla said in notes published after a weekly status meeting. One of the topcrashes scheduled for a fix involves TraceMonkey, the new, faster JavaScript engine that debuted in Firefox 3.5. At least one of the bugs was fixed a week before Mozilla released the final code on Tuesday.
BT to guarantee 15Mbits/sec with fibre
Posted by l33tdawg on Friday, July 03, 2009 - 01:01 AM (Reads: 26)
Source: PC Pro (UK)
BT will guarantee connection speeds of at least 15Mbits/sec on its forthcoming fibre network.
The company is accelerating its nationwide fibre rollout, and now plans to connect a million premises by next March, and 1.5 million by next summer.
The good news for small business customers is that BT plans to guarantee the speed of the connection on fibre lines. "There will be an SLA [service level agreement] associated with the product," said David Campbell, managing director of next-generation access at BT Openreach. "We will accept a fault and fix it if the line drops below 15 meg."
BT's fibre-to-the-cabinet (FTTC) lines will offer download speeds of up to 40Mbits/sec, but BT claims the upload speeds will be more impressive.
US moving cautiously on new cyber security program
Posted by l33tdawg on Friday, July 03, 2009 - 01:00 AM (Reads: 24)
Source: Washington Post
The Obama administration is moving cautiously on a new pilot program that would both detect and stop cyber attacks against government computers, while trying to ensure citizen privacy protections.
The pilot program, known as Einstein 3, was supposed to launch in February. But the Department of Homeland Security is still pulling the plan together, according to senior administration officials.
Einstein 3 has triggered debate and privacy concerns because the program will use National Security Agency technology, which is already being employed on military networks. Any involvement of the NSA - the agency oversees electronic intelligence-gathering - in protecting domestic computer networks worries privacy and civil liberties groups who oppose giving such control to U.S. spy agencies.
Google App Engine suffers six-hour outage
Posted by l33tdawg on Friday, July 03, 2009 - 12:34 AM (Reads: 37)
Source: The Register (UK)
Google App Engine - the development and hosting cloud that serves up third-party apps and websites - was on the fritz for a good six hours this morning.
According to a public note from Google's App Engine team, the service began experiencing problems at around 6:30am Pacific. "We're currently seeing elevated Datastore latency and error-rates, as well as elevated serving error-rates," the note read. "All applications accessing the Datastore are affected."
By 8:45am, the App Engine team was in "unplanned maintenance mode," disabling all application deployments, Datastore writes, and memcache writes. Problems continued for nearly four hours. At 12:35, the team announced that all functions had returned to normal.
Psystar Emerges from Chapter 11, Launches New Mac Clone
Posted by l33tdawg on Friday, July 03, 2009 - 12:33 AM (Reads: 32)
Source: OS News
Well, it really seems as if Psystar is committed to continue its business, no matter what. The company entered chapter 11 bankruptcy protection in May, and many wondered if this meant the end of the clone maker and the legal case between Apple and Psystar. Well, today the clone maker announced that it is emerging from chapter 11, and while they're at it, they also introduce a new "Mac".
The fact that the company is emerging from chapter 11 bankruptcy protection is probably the biggest surprise. Many thought that this would mean the end of the small company; not an odd thing considering the costs of litigation and company operation. "As you all may already be aware in late May, Psystar filed for Chapter 11 protection. Although this was critical to our continued daily operations, we now are ready to emerge and again battle Goliath," the company states, "More information will be available in the coming days when we will be formally discharged by the Bankruptcy court."
"When life gives you apples, make applesauce," they add cheekily.
Microsoft's Gazelle browser: A layperson's explanation
Posted by l33tdawg on Friday, July 03, 2009 - 12:32 AM (Reads: 46)
Source: ZDNet (Blog)
Microsoft Research has published a new article that explains in more layperson-like terms exactly what its “Gazelle” Web browser is and why the company’s researchers believe it’s needed.
Microsoft is slated to present a paper on Gazelle at the Usenix Security Symposium in August. At that event, the Gazelle team will describe “the design and construction of a browser that is actually a multi-principal operating system.” (A copy of Microsoft’s Gazelle Usenix paper is available now.)
I’ve had Gazelle (the project which started life as “MashupOS”) explained to me a couple of times, but I never quite understood it. The new Microsoft-authored article, however, actually helped me understand more about where Microsoft is going with this project.
Judge tentatively acquits woman in MySpace case
Posted by l33tdawg on Friday, July 03, 2009 - 12:29 AM (Reads: 31)
Source: Associated Press
A federal judge on Thursday tentatively threw out the convictions of a Missouri mother for her role in a MySpace hoax directed at a 13-year-old neighbor girl who ended up committing suicide.
U.S. District Judge George Wu said he was acquitting Lori Drew of misdemeanor counts of accessing computers without authorization but stressed the ruling was tentative until he issues it in writing. He noted the case of a judge who changed his mind after ruling. Drew showed no reaction to the decision.
She was convicted in November, but the judge said that if she is to be found guilty of illegally accessing computers, anyone who has ever violated the social networking site's terms of service would be guilty of a misdemeanor. That would be unconstitutional, he said.
Password Recovery Questions Make Online Accounts Vulnerable
Posted by l33tdawg on Friday, July 03, 2009 - 12:28 AM (Reads: 33)
Source: ghacks.net
Password recovery questions are great to recover a forgotten password in a matter of seconds. All that needs to be done is to answer the password recovery question to receive a new password in the email inbox. This does however make email hacking a profitable business, as email accounts are usually connected to online stores and other web services. Attackers with access to a compromised email account only need to answer the secret question to retrieve the password of the web account. This method is definitely more secure than sending out the password without confirmation on the user's request.
A recent study shows, on the other hand, that password recovery questions are usually answered honestly. Questions about the birth town, mother's maiden name or first pet's name can sometimes be easily guessed. The study asked acquaintances of 32 webmail users to guess the answer to the secret question. Roughly 20% of these answers were guessed correctly.
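The practical consequence of the study is that a recovery answer has to be handled like a weak password: it will be guessed honestly by someone who knows the user, so the server must make each guess cost something and stop the guessing early. The following is an added example, not code from the ghacks article or from the study it cites. It normalises the answer, stores only a salted PBKDF2-HMAC-SHA256 hash, compares in constant time, and locks the recovery path after a fixed number of failures; it then plays the acquaintance from the study by running a list of likely answers against the account. The pet-name guess list, the lockout threshold, the iteration count and all type and function names are assumptions of the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Added example (not from the article or the study). Parameters are assumptions.
const (
	Iterations  = 20000 // PBKDF2 work factor; raise on a real server
	MaxFailures = 5     // wrong answers allowed before the recovery path locks
)

var ErrLocked = errors.New("recovery question locked after too many failed attempts")

// pbkdf2SHA256 is single-block PBKDF2 (RFC 8018) with HMAC-SHA256; output is 32 bytes.
func pbkdf2SHA256(secret, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// Normalize makes "  Rex " and "rex" the same answer; the hash is still salted and stretched.
func Normalize(answer string) string {
	return strings.Join(strings.Fields(strings.ToLower(answer)), " ")
}

// RecoveryAnswer is what the server stores: never the answer itself.
type RecoveryAnswer struct {
	salt     []byte
	hash     []byte
	failures int
}

func NewRecoveryAnswer(answer string) (*RecoveryAnswer, error) {
	salt := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return nil, err
	}
	return &RecoveryAnswer{salt: salt, hash: pbkdf2SHA256([]byte(Normalize(answer)), salt, Iterations)}, nil
}

// Verify returns (true, nil) on a match, (false, nil) on a wrong guess and
// (false, ErrLocked) once MaxFailures wrong guesses have accumulated.
func (r *RecoveryAnswer) Verify(attempt string) (bool, error) {
	if r.failures >= MaxFailures {
		return false, ErrLocked
	}
	cand := pbkdf2SHA256([]byte(Normalize(attempt)), r.salt, Iterations)
	if subtle.ConstantTimeCompare(cand, r.hash) == 1 {
		r.failures = 0
		return true, nil
	}
	r.failures++
	return false, nil
}

// RunGuessList plays the acquaintance from the study: try likely answers in
// order until one works or the account locks. It reports whether the answer
// was found and how many guesses were actually checked.
func RunGuessList(r *RecoveryAnswer, guesses []string) (found bool, attempts int, err error) {
	for _, g := range guesses {
		ok, verr := r.Verify(g)
		if verr != nil {
			return false, attempts, verr
		}
		attempts++
		if ok {
			return true, attempts, nil
		}
	}
	return false, attempts, nil
}

func main() {
	// Constructed list of common pet names (an assumption, not data from the study).
	guesses := []string{"max", "buddy", "bella", "charlie", "lucy", "daisy", "rex", "molly"}
	for _, answer := range []string{"Rex", " BUDDY "} {
		r, err := NewRecoveryAnswer(answer)
		if err != nil {
			panic(err)
		}
		found, n, err := RunGuessList(r, guesses)
		fmt.Printf("answer %q: found=%v after %d guesses, err=%v\n", answer, found, n, err)
	}
}
```

With "Rex" as the answer the guesser is locked out after five tries without reaching it; with "Buddy" the second guess succeeds, which is the study's point: a lockout bounds the damage but does not help when the true answer sits near the top of an acquaintance's list. The remaining fix is on the question side (let users set their own questions, or replace questions with a second factor), which no amount of server-side hashing supplies.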
Packet Storm Security Latest
· opialaid-sql.txt - Opial version 1.0 suffers from a remote SQL injection vulnerability.
· glsa-200907-02.txt - Gentoo Linux Security Advisory GLSA 200907-02 - Two vulnerabilities in ModSecurity might lead to a Denial of Service. Versions less than 2.5.9 are affected.
· glsa-200907-01.txt - Gentoo Linux Security Advisory GLSA 200907-01 - libwmf bundles an old GD version which contains a use-after-free vulnerability. The embedded fork of the GD library introduced a use-after-free vulnerability in a modification which is specific to libwmf. Versions less than 0.2.8.4-r3 are affected.
· rentventory-sql.txt - Rentventory PHP suffers from multiple remote SQL injection vulnerabilities.
· petite-sql.txt - This paper is a small SQL injection tutorial and is written in French.
· oCERT-2009-009.txt - CamlImages versions 2.2 and below suffer from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing: the read_png_file and read_png_file_as_rgb24 functions do not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability.
· USN-795-1.txt - Ubuntu Security Notice USN-795-1 - It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.
· USN-794-1.txt - Ubuntu Security Notice USN-794-1 - It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service.