Top Stories for Today
[699] 8 weird but cool Android apps [451] Sun’s open source chief leaves after Oracle merger [345] No Trace: How to Completely Erase Your Hard Drives, SSDs and USB Drives [343] Douglas Duchak charged over bid to damage US security database [326] Schneier: Fight for privacy or kiss it good-bye [298] The top 10 geek anthems of all time [296] Four over-rated security technologies [267] No-Fly List Includes the Dead [243] Zeus Botnet Dealt a Blow as ISP Troyak Knocked out [225] EFF knocks Apple's 'secret' restrictive developer agreement [219] New Gestures coming to iPhone/iPad: Triple tap and long press [218] How deep can Intel get inside the smart grid? [204] Google Street View to cover 96 per cent of UK roads from tomorrow [201] Soft skills lacking in candidate-rich market [192] ARM Expects 50 Tablet Devices to Hit the Market This Year [191] F-Secure: Hackers love to exploit PDF bugs [179] Android native development kit updated [174] LED lights may be the future of broadband [171] Turkish police detain 23 PKK hackers in 13 provinces [169] 'Jihad Jane' Exposes Web's Dark Side [165] Reader exploit prompts Adobe update alert [165] Twitter Becomes More Proactive About Phishing [151] 12% of employees knowingly violate company IT policies [149] New Zealand's internet filter goes live [146] Our Apps Are Vulnerable -- And Constantly Attacked View the Top 50 articles
Top 20 of the Last 2 Weeks
|
8 weird but cool Android apps
Posted by l33tdawg on Thursday, March 11, 2010 - 01:26 AM (Reads: 699)
|
Source: Computer World
L33tdawg: If you're looking for a way to examine Android apps, Marc Schoenefeld will be releasing a new reverse engineering tool for Android applications called undx2 next month at HITBSecConf2010 - Dubai.
So you told your boss that you bought your Android smartphone so that you could track your business calls, be more effective when traveling for your company, have easy access to Gmail and keep your organization's Twitter feed current. But we know what's really going on -- you got that smartphone because it was cool and because you wanted to play with all the apps. (And possibly because it wasn't Apple or AT&T.)
Just for the heck of it, I've gathered eight free apps that are just plain fun to use. A couple of them are also actually useful; another two are sort of useful (if you stretch the point a bit); the last four are just there to play with.
[   ]
| |
Schneier: Fight for privacy or kiss it good-bye
Posted by l33tdawg on Thursday, March 11, 2010 - 01:22 AM (Reads: 326)
|
Source: Network World
If the public wants online privacy it had better fight now for laws to protect it because businesses won't and individuals don't have the clout, security expert Bruce Schneier told RSA Conference.
The longer information-privacy policies go unset, the more likely it is that they never will be set, says Schneier, an author of books about security and CTO of security consultant BT Counterpane. As young people grow up with broad swaths of information about them in the public domain, they will lose any sense of privacy that older generations have.
And they will have no appreciation that lack of privacy shifts power over their lives from themselves to businesses or governments that do control their information. Laws protecting digital data that is routinely gathered about people are needed, he says. "The only lever that works is the legal lever," he says. "How can we expect the younger generation to do this when they don't even know the problem?"
[ ]
| |
Soft skills lacking in candidate-rich market
Posted by l33tdawg on Thursday, March 11, 2010 - 01:21 AM (Reads: 201)
|
Source: The Standard
Recruitment firm Kelly Services says demand for skilled and experienced IT professionals continues, despite recent economic conditions.
Late last year, Kelly Services conducted a workplace survey in 12 countries, including New Zealand, polling senior IT decision makers across many industries.
In the New Zealand survey, approximately 71 percent of respondents reported an increase or no change in demand for IT staff. This was little different from Kelly Services' previous survey, carried out in July 2008, when 80 percent of respondents described the effects of the then-IT skills shortage as moderate to severe.
[ ]
| |
Zeus Botnet Dealt a Blow as ISP Troyak Knocked out
Posted by l33tdawg on Thursday, March 11, 2010 - 01:20 AM (Reads: 243)
|
Source: PC World
Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.
Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.
The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercirme, and this was probably one of the easiest ways to do it."
[ ]
| |
Twitter Becomes More Proactive About Phishing
Posted by l33tdawg on Thursday, March 11, 2010 - 01:19 AM (Reads: 165)
| |
Source: Yahoo! News
Twitter is finally being proactive about the large number of phishing scams that have plagued the micro-blogging service in the past year. On Wednesday, Twitter introduced its own anti-phishing service designed to protect its users from these types of attacks. The new security measures will focus on Twitter direct messages (DMs) -- private tweets addressed to a specific user -- and corresponding e-mail notifications. Twitter believes DMs are the primary source of Twitter-based phishing attacks, and has not yet announced any plans to extend the new service to regular Twitter messages.
DMs will now be routed through Twitter's anti-phishing service to "detect, intercept, and prevent the spread of bad links," Del Harvey, director of Twitter's trust and safety team, wrote in a recent blog post. After Twitter has approved a link, it will be delivered to users via a new 'twit.tl' URL instead of bit.ly, tinyURL or other link-shortening services. Twitter also claims that if a bad link gets through to a user via e-mail, the company would still "be able to keep that user safe."
[ ]
| |
Google Street View to cover 96 per cent of UK roads from tomorrow
Posted by l33tdawg on Thursday, March 11, 2010 - 01:19 AM (Reads: 204)
| |
Source: CNet (Crave)
Google will make a further 210,000 miles of UK roads available for your perusal on Street View this Thursday, adding to the 28,000 miles that are currently shown. That means you'll be able to see about 96 per cent of this leafy land's approximately 246,985 miles of thoroughfares.
Twenty-four perfectly respectable UK settlements, as well as Sc**thorpe, enjoyed the Street View treatment when it launched in Blighty in March last year. Now you'll be able to virtually visit cities and hamlets -- at least the ones where the Google Street View car hasn't been forced to beat a speedy retreat by a pitchfork-wielding posse -- from Cornwall to the Shetlands.
[ ]
| |
EFF knocks Apple's 'secret' restrictive developer agreement
Posted by l33tdawg on Thursday, March 11, 2010 - 01:18 AM (Reads: 225)
|
Source: Mac News World
The first rule of Apple's App Club is: You do not talk about App Club. Any developer who writes an app for the App Store is forbidden from making any public statements about the iPhone Developer Program Licensing Agreement.
Second rule of App Club is: Said developers also can't sell their apps to other app stores, even if that app is eventually rejected by Apple. Third rule of App Club: You can't reverse engineer anything having to do with the App Store software development kit (SDK) or the iPhone OS.
Fourth rule: Apple retains the right to remove your app from the App Store at any time, for any reason. (Hello, Hottest Girls app; goodbye, Hottest Girls app.) Fifth rule: If you're sued because of your app, or if Apple screws up the app to the point where you lose money and/or customers, Steve Jobs' company is liable for only a whopping US$50 in damages -- an Apple self-insurance deductible, as it were.
[ ]
| |
Douglas Duchak charged over bid to damage US security database
Posted by l33tdawg on Thursday, March 11, 2010 - 01:15 AM (Reads: 343)
|
Source: Reuters
A Colorado man has been charged with trying to sabotage a U.S. security database that holds sensitive information used for screening air travelers, the Justice Department said on Wednesday.
Douglas Duchak, 46, had worked at a Transportation Security Administration operations center for five years, updating its computers with data from the Terrorist Screening Database and the U.S. Marshal's Service Warrant Information Network.
The TSA is primarily responsible for screening passengers at U.S. airports and uses information from intelligence and law enforcement agencies to prevent people who pose a threat from boarding commercial flights. The agency has come under new pressure to ramp up security in the wake of a failed plot in late December to blow up a U.S. commercial jetliner.
[ ]
| |
No-Fly List Includes the Dead
Posted by l33tdawg on Thursday, March 11, 2010 - 01:14 AM (Reads: 267)
| |
Source: Wired (Threat Level)
You may be dying, figuratively, to get off the government’s no-fly list, but death won’t guarantee removal.
The government’s no-fly list includes the names of dead suspects to help catch people who may try to assume the suspect’s identity, according to government officials who spoke with The Associated Press.
The no-fly list has been shrouded in mystery since it was first developed after the 9/11 attacks. How people get on the list or get off it has been a closely guarded secret, with only bits of information made public during congressional hearings. The AP has pieced together the broad steps it takes for someone to get on the list, and some of the changes the list has undergone since it was created nine years ago.
[ ]
| |
New Gestures coming to iPhone/iPad: Triple tap and long press
Posted by l33tdawg on Thursday, March 11, 2010 - 01:08 AM (Reads: 219)
| |
Source: 9 to 5 Mac
On the surface, the latest iPhone 3.2 Beta 4 SDK didn't have much new information. Diving a little deeper however, we find some very exciting news.
In the gestures folder, you'll see two new types of commands (3Tap.plist and LongPress.plist) that are certainly not implemented in the current 3.1 iPhone SDK. Apple is likely allowing developers to use these capabilities in the next versions of the OS. We might even see these in the shipping version of the iPad.
[ ]
| |
No Trace: How to Completely Erase Your Hard Drives, SSDs and USB Drives
Posted by l33tdawg on Thursday, March 11, 2010 - 01:07 AM (Reads: 345)
| |
Source: Gizmodo
With stories abounding of identity theft aided by information lifted from discarded storage devices, you want devices you no longer plan to use to have no usable information when they head out the door. Here's how to wipe them clean.
Sure, you could erase the contents of the drive, but keep this in mind: the act of erasing a file does not remove it from a storage device.
When you erase/delete a file from your computer, it's not really gone until the areas of the disk it used are overwritten by new information. If you use the normal Windows delete function, the "deleted" file is sent to the Recycle Bin until the space it uses is required by other files. If you use Shift-Delete to bypass the Recycle Bin, the space occupied by the file is marked as available for other files. However, the file could be recovered days or even weeks later with third-party data recovery software. As long as the operating system does not reuse the space occupied by a file with another file, the "deleted" file can be recovered.
[ ]
| |
How deep can Intel get inside the smart grid?
Posted by l33tdawg on Thursday, March 11, 2010 - 01:06 AM (Reads: 218)
|
Source: ZDnet (Blog)
I think a lot about which companies that I’ve been covering for zillions of years will be around 10 years from now, as the Internet moves into its next phase of innovation around things like machine to machine communications, which is sort of personified in the smart grid. If you think Microsoft and IBM and Hewlett-Packard are invincible, pause a moment to memorialize Digital Equipment Corp.
Clearly, many of the legacy IT companies — IBM, Microsoft, SAP, Oracle, to name a few — are all over the whole intelligent utility market like a bad suit. But what about that other kingpin of the personal computing movement, Intel, the company of the famous “Inside” motto. Clearly, the company hopes to be deep inside the smart grid.
[ ]
| |
ARM Expects 50 Tablet Devices to Hit the Market This Year
Posted by l33tdawg on Thursday, March 11, 2010 - 01:05 AM (Reads: 192)
| |
Source: X-Bit Labs
ARM, a leading developer of microprocessor technologies for portable and consumer electronics, said at a press conference on Wednesday that this year around 50 tablet PC devices akin to Apple iPad released worldwide. While analysts agree that there may be a lot of slate-type PCs launched, far not all will become successful.
“The first tablet devices will launch in the second quarter by [mobile network] carriers. You will see a lot more in the third quarter,” said Roy Chen, ARM's worldwide mobile computing ODM manager, during a press meeting in Taipei, reports IDG News Services.
There are so many tablet PCs incoming that ARM even had to book the additional space at Computex Taipei trade-show to demonstrate all the products, many of which will be launched by small companies that can hardly efficiently advertise their devices and do not have an established brand among consumers.
[ ]
| |
Sun’s open source chief leaves after Oracle merger
Posted by l33tdawg on Thursday, March 11, 2010 - 12:59 AM (Reads: 451)
| |
Source: IT World (Canada)
Sun's chief open source officer, Simon Phipps, has left the company following its acquisition by Oracle, the executive announced in his blog Tuesday.
"Today is my last day of employment at Sun (well, it became Oracle on March 1st in the UK but you know what I mean)," Phipps wrote. "I am a few months short of my 10th anniversary there (I joined at JavaOne in 2000) and my 5th anniversary as Chief Open Source Officer." With the acquisition of Sun, Oracle is poised to become what some analysts think is the industry's most powerful open source vendor. But it will chart a new path in open source without Phipps.
Phipps looks back fondly at successes at Sun, but admits some regrets for goals left unaccomplished. Phipps wrote that he and his colleagues "achieved some amazing things" such as changing Sun's attitude toward open source, kick-starting the "corporate blogging revolution" with Blogs.Sun.com, and releasing software such as Java under free licenses.
[ ]
| |
Turkish police detain 23 PKK hackers in 13 provinces
Posted by l33tdawg on Thursday, March 11, 2010 - 12:58 AM (Reads: 171)
| |
Source: Hurriyet Daily News
Police have detained 23 suspects in operations in 13 provinces, charging them with membership in a terror organization and attacking public institutions’ Web sites, the daily Radikal reported Wednesday.
The suspects, allegedly members of the outlawed Kurdistan Workers’ Party, or PKK, were taken to Diyarbak?r for questioning. The investigation of this case was still continuing when the Daily News went to print. A hacker team for the outlawed organization was captured previously, but the members reorganized and attacked roughly 300 Web sites belonging to public institutions.
[ ]
| |
Reader exploit prompts Adobe update alert
Posted by l33tdawg on Thursday, March 11, 2010 - 12:57 AM (Reads: 165)
| |
Source: Network World
Users of Adobe PDF Reader should check they are running the latest version of the software after the discovery of an exploit that takes advantage of a serious flaw patched only three weeks ago.
According to Microsoft's Threat Research and Response blog, its researchers have discovered a circulating PDF-based attack that hooks into the publicised flaw, CVE-2010-0188, to download a Trojan backdoor capable of taking control of the affected system.
The warning relates mainly to Adobe Acrobat and Reader up to 9.3.0 for Windows, Apple and Unix. older versions of Acrobat and Reader, 8.2.0 (used by anyone unable to update to 9.3.x), are also affected on Windows and Apple and should be patched to 8.2.1.
[ ]
| |
Android native development kit updated
Posted by l33tdawg on Thursday, March 11, 2010 - 12:56 AM (Reads: 179)
| |
Source: IT World (Canada)
L33tdawg: If you're interested in the inner workings of Android apps, Marc Schoenefeld will be presenting a new paper on reverse engineering Android applications with an exclusive release of undx2, the next major version of the undx transformation library allowing a reverse transformation to Java bytecode.
Developers of the Google-backed Android mobile application platform have released revision 3 of Android NDK (Native Development Kit), which complements Android SDK by enabling developers to build performance-critical portions of an application in native code.
Release of NDK r3 was noted in a posting on the Android Developer Blog on Monday. Version 3 includes OpenGL ES (Open Graphics Library for Embedded Systems) 2.0 native library support. Also featured is a sample application making use of OpenGL ES 2.0 vertex and fragment shaders.
"[OpenGL ES 2.0] brings the ability to control graphics rendering through vertex and fragment shader programs using the GLSL shading language," said David Turner, a member of the Google technical staff, in the Android Developer Blog.
[ ]
| |
Four over-rated security technologies
Posted by l33tdawg on Thursday, March 11, 2010 - 12:52 AM (Reads: 296)
| |
Source: IT World (Canada)
The security community has grown to depend on some basic technologies in the fight against cyber thieves, such as antivirus software and firewalls. But are practitioners clinging to tools that outlived their usefulness long ago? Were those tools ever really useful to begin with?
CSOonline.com recently conducted an unscientific survey on the matter, asking those questions to a variety of security forums on LinkedIn and following it up with e-mails and phone conversations. What follows are four technologies several cited as overrated in today's security fight.
We'll follow up next week with security technologies many believe are underrated. It's safe to predict that some of the technologies on this list will also appear there.
[ ]
| |
The top 10 geek anthems of all time
Posted by l33tdawg on Thursday, March 11, 2010 - 12:51 AM (Reads: 298)
|
Source: CNN
Geeks rock.
When Buddy Holly jerked onstage as a bespectacled counterpoint to the pelvis-swiveling cool of Elvis, it carved out a spot in rock and pop music for the kids more inclined to admire Stephen Hawking than Steven Tyler or Bill Gates than Billy Idol.
The South by Southwest Interactive conference kicks off Friday in Austin, Texas, offering up as pure a convergence of geek and rock sensibilities as you're apt to find. Started in 1987 to showcase Austin's burgeoning alt-rock scene, South by Southwest added interactive and film gatherings in 1994.
[ ]
| |
LED lights may be the future of broadband
Posted by l33tdawg on Thursday, March 11, 2010 - 12:50 AM (Reads: 174)
|
Source: UPI
German scientists say they've created a data connection that uses light produced by lamps to encode a wireless broadband signal.
The researchers, led by Jelena Vucic of the Fraunhofer Institute for Telecommunications at the Heinrich-Hertz-Institute in Berlin, say getting a broadband connection might be as simple as turning on a lamp.
Currently, most wireless connections are achieved through a radio-frequency WiFi connection. But the scientists say WiFi has limited bandwidth, and it's unclear where to find more in the already-crowded radio spectrum. By contrast, they say visible-frequency wireless has all the bandwidth one could want.
[ ]
| |
|
HITB Ezine
WANT TO GET PUBLISHED? SEND YOUR ARTICLES TO ZARULSHAHRIN -AT- HACKINTHEBOX.ORG
Issue #1 - #37
Issue #38
Last 15 Postings to HITB Forum
Packet Storm Security Latest
· ane-xsrf.txtANE CMS version 1 suffers from a cross site request forgery vulnerability.
· ane-xss.txtANE CMS version 1 suffers from a cross site scripting vulnerability.
· USN-909-1.txtUbuntu Security Notice 909-1 - William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
· abton-sql.txtAbton CMS suffers from a remote SQL injection vulnerability.
· dsa-2011-1.txtDebian Linux Security Advisory 2011-1 - William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content.
· MDVSA-2010-060.txtMandriva Linux Security Advisory 2010-060 - The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
· cookiemonster_v1.6.zipCookie Monster is a cookie analysis tool written in Python. Cookie Monster will grab cookies from a host and assign each character a number. This number can be used to perform mathematical calculations on the differences in order to find a pattern and see if cookie prediction is possible.
· super-vulns.tgzSUPERAntiSpyware and Super Ad Blocker have almost identical device drivers in order to set up hooks and perform other duties from kernel space. These device drivers suffer from lack of validation of parameters passed from user mode. Additionally, some of the functions accessible from user mode are inherently insecure and lead to easy privilege escalation. All vulnerabilities are applicable to both applications. Proof of concept code included with full advisory.
Topics
· All topics
· AMD News (Feb 23, 2010)
· Apple News (Mar 11, 2010)
· Articles (Mar 03, 2009)
· Ask Us (Feb 01, 2003)
· Audio/Video (Mar 11, 2010)
· Encryption (Mar 10, 2010)
· Games (Mar 09, 2010)
· Hardware (Mar 04, 2010)
· HITB News (Feb 09, 2010)
· Industry News (Mar 11, 2010)
· Intel News (Mar 11, 2010)
· Law and Order (Mar 11, 2010)
· Linux (Feb 25, 2010)
· Microsoft (Mar 10, 2010)
· Networking (Mar 10, 2010)
· PDAs (Feb 09, 2007)
· Privacy (Mar 11, 2010)
· Red Hat (Mar 09, 2010)
· Science (Mar 10, 2010)
· Security (Mar 11, 2010)
· Software & Programming (Mar 11, 2010)
· Spam (Jan 26, 2010)
· Technology (Mar 11, 2010)
· Transmeta (Jul 07, 2007)
· Viruses & Malware (Mar 09, 2010)
· Wireless (Mar 03, 2010)
Follow us
Join our Facebook Group 
Follow us on Twitter 
Follow our RSS feed 
|
Conquering the chaos in modern, multiprocessor computers
