<?xml version="1.0" encoding="ISO-8859-1"?>

<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel>
<title>Hack In The Box</title>
<pubDate>Thu, 21 Aug 2008 03:56:13 +0000</pubDate>
<link>http://hackinthebox.org/</link>
<description>Hack In The Box Backend</description>
<language>en-us</language>
<image>
 <title>Hack In The Box</title>
 <url>http://hackinthebox.org/images/hitb.gif</url>
 <link>http://hackinthebox.org/</link>
</image>
<webMaster>l33tdaw&#103;&#064;&#104;ackinthebox.org</webMaster>
<item>
<title>Apple's MobileMe lacks key security feature</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27906</link>
<description>Users of Apple's MobileMe have already discovered that the US$99-per-year service is sometimes slow and unreliable, and they're now talking about another shortcoming that was intentional.

MobileMe allows users to synchronize e-mail, calendar and contact information among various devices over the Internet. Although the log-in process for MobileMe is encrypted, Apple does not encrypt data that users send from browsers through MobileMe. The lack of SSL (Secure Sockets Layer) or any other form of encryption means that if a MobileMe user is connected to the Internet via a Wi-Fi hotspot, someone else connected to the same hotspot could relatively easily see all the data that the MobileMe user sends.

&quot;Seems like a pretty major omission for a service that's specifically aimed at roaming users,&quot; wrote a person called ShepUK on the Macrumors forum. He called the lack of SSL encryption a deal breaker for him.</description>
<pubDate>Thu, 21 Aug 2008 03:56:13 +0000</pubDate>
</item>
<item>
<title>Deep packet inspection testing methodology - Videos and documentation</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27905</link>
<description>BreakingPoint Systems released a detailed test methodology and video series that enables network engineers to test the deep packet inspection (DPI) features of content-aware network devices.

DPI functionality allows network devices such as content-aware switches and routers, next generation firewalls, intrusion prevention systems (IPS), and application delivery controllers to inspect and take action based on the contents and context of packets as they travel across the network. DPI is heavily leveraged in helping to prevent buffer overflow attacks, denial of service (DoS) attacks and intrusions. Effective testing of DPI functionality requires an authentic blend of application traffic, combined with live security strikes, at speeds of 10 gigabits per second.</description>
<pubDate>Thu, 21 Aug 2008 03:54:03 +0000</pubDate>
</item>
<item>
<title>AMD preps low-powered Atom killer</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27904</link>
<description>While Intel steals the limelight with its Intel Developer Forum (IDF) this week, AMD quietly prepared its own competitor to Intel's Atom. The CPU, likely named the &quot;Sempron BGA,&quot; looks set to debut in October on a 3.5-inch SBC (single board computer) from Taiwanese manufacturer iBase.

For several months now, the blogosphere has been alive with reports of an AMD processor, reportedly code-named &quot;Bobcat&quot; and also referred to as the &quot;K8 BGA&quot; or Sempron BGA. The CPU has been rumored to use AMD's Sempron core, clocked down to 1.0GHz or 1.5GHz, and offered in a 27mm x 27mm BGA (ball grid array) package for installation in &quot;nettops&quot; and other low-cost devices. Dissipating about eight Watts, the Sempron BGA will reportedly include an integrated memory controller, 128KB of L1 cache, 256KB of L2 cache, support for 400MHz DDR2 RAM, and an 800MHz HyperTransport link.</description>
<pubDate>Thu, 21 Aug 2008 03:52:44 +0000</pubDate>
</item>
<item>
<title>Cyberwar isn't a grand struggle - it's a scary prospect of pure chaos</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27903</link>
<description>When Russian tanks rolled into Georgia, it brought back memories of Soviet-era military conquest - a reminder of the cold war. But whether by accident or design, the fight for South Ossetia appears to have given us a taste of the future as well, with internet attacks on Georgian computer systems resulting in theories about 21st-century warfare spilling out everywhere. The BBC said the situation represented a &quot;virtual echo of battles being fought on the ground&quot;, while Slate.com's Evgeny Morozov even enlisted as a Russian cybersoldier to see what was really happening. But while the past fortnight has seen plenty of conjecture, there's been very little hard evidence about the conflict that's taking place in cyberspace.

We do know a few things, though. After the military situation escalated, some prominent Georgian websites came under attack - though right now we cannot quite be sure where the strikes came from. We also know that the Georgian government enlisted the help of the regional experts in Estonia (themselves hardly bosom pals with Russia) as well as using the might of Google as a deterrent by shifting some important government websites on to Blogger.com.</description>
<pubDate>Thu, 21 Aug 2008 03:51:06 +0000</pubDate>
</item>
<item>
<title>American Airlines introduces in-flight Internet access</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27902</link>
<description>One of the few remaining Internet-free havens vanished Wednesday as American Airlines launched airborne e-mail, Web and other online services on some of its longer nonstop flights.

The move could create a new stream of revenue for an aviation industry facing high fuel prices and other challenges. But it also could create new headaches as passengers retrieve sensitive e-mails and websites in confined quarters.

It also could end a common excuse people have to avoid checking &quot;urgent&quot; e-mail requests from their bosses. American, a unit of Fort Worth-based AMR Corp., tested in-flight Internet access on two flights June 25. With Wednesday's launch, the airline is making service available for $12.95 per flight on its 15 Boeing 767-200 planes connecting New York with Los Angeles, San Francisco and Miami.</description>
<pubDate>Thu, 21 Aug 2008 03:49:29 +0000</pubDate>
</item>
<item>
<title>International travellers face computer searches at UK Customs</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27901</link>
<description>International travellers face having their laptop computers, mobile phones, iPods and USB memory sticks scanned and copied at will by customs officials under a proposed global anti-counterfeiting trade deal.

Japan and the US are pushing for the so-called Anti-Counterfeiting Trade Agreement (ACTA) to be finalised by the end of the year. Participants have kept details of the agreement secret but information has emerged in consultation papers published by an Australian copyright trade body, the Australian Digital Alliance.

A submission by ADA to the Australian government revealed proposals to extend customs' powers to search, seize and destroy material that infringed copyright and the facilities used to produce the copies. Other proposals were to criminalise infringements and to open infringers to higher fines and claims for damages. </description>
<pubDate>Thu, 21 Aug 2008 03:48:45 +0000</pubDate>
</item>
<item>
<title>FCC Orders Comcast to Stop Blocking Some Large Files</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27900</link>
<description>Comcast is testing new technologies that would slow the transmission of Internet files for its biggest users by as much as 20 minutes during times of heavy network congestion. But the nation's largest cable provider has promised not to target specific content, such as video files that compete with its cable television business.

The tests come as the Federal Communications Commission yesterday released an order that forces Comcast to stop its earlier efforts to block transmission of certain Internet files, a ruling that public interest groups hailed, saying it would prevent network operators from acting as gatekeepers of the Web. 

Comcast didn't respond to details of the FCC's order, but spokeswoman Sena Fitzmaurice said, &quot;We are examining the order and will evaluate our next step.&quot; </description>
<pubDate>Thu, 21 Aug 2008 03:47:48 +0000</pubDate>
</item>
<item>
<title>One Sleepless Night Increases Dopamine In The Human Brain</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27899</link>
<description>Just one night without sleep can increase the amount of the chemical dopamine in the human brain, according to new imaging research in the August 20 issue of The Journal of Neuroscience. Because drugs that increase dopamine, like amphetamines, promote wakefulness, the findings offer a potential mechanism explaining how the brain helps people stay awake despite the urge to sleep.

However, the study also shows that the increase in dopamine cannot compensate for the cognitive deficits caused by sleep deprivation.

&quot;This is the first time that a study provides evidence that in the human brain, dopamine is involved in the adaptations that result from sleep deprivation,&quot; said Nora Volkow, MD, director of the National Institute on Drug Abuse, who led the study.</description>
<pubDate>Thu, 21 Aug 2008 03:39:22 +0000</pubDate>
</item>
<item>
<title>Scent Of Skin Cancer Discovered</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27898</link>
<description>According to new research from the Monell Center, odors from skin can be used to identify basal cell carcinoma, the most common form of skin cancer. The findings, presented at the 236th meeting of the American Chemical Society, may open doors to development of new methods to detect basal cell carcinoma and other forms of skin cancer.

The researchers sampled air above basal cell tumors and found a different profile of chemical compounds compared to skin located at the same sites in healthy control subjects. &quot;Our findings may someday allow doctors to screen for and diagnose skin cancers at very early stages,&quot; said Michelle Gallagher, PhD.

Human skin produces numerous airborne chemical molecules known as volatile organic compounds, or VOCs, many of which are odorous. In the study presented at the ACS, the researchers obtained VOC profiles from basal cell carcinoma sites in 11 patients and compared them to profiles from similar skin sites in 11 healthy controls.</description>
<pubDate>Thu, 21 Aug 2008 03:38:26 +0000</pubDate>
</item>
<item>
<title>Open source and the ‘fear factor’ mentality</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27897</link>
<description>In the current economic climate, businesses of every size are looking to reduce their spending wherever possible. Open source software, which has no upfront licensing fees, is one way of achieving significant savings.

However, in order to protect their enormous revenue streams, large software corporations have invested millions in spreading fear, uncertainty, and doubt (FUD) about the security of open source software. In this post, I will examine and debunk five commonly held myths about open source security and why large corporations are promoting a “fear factor” mentality around open source software.</description>
<pubDate>Thu, 21 Aug 2008 03:36:44 +0000</pubDate>
</item>
<item>
<title>Baidu cache offers more evidence of underage Chinese gymnasts</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27896</link>
<description>One of the controversies that's been swirling around the Chinese Olympic Games since they began is the age of several of China's gymnasts. According to Chinese officials (and, of course, official passports and ID cards), both He Kexin and Jiang Yuyuan are 16, and therefore old enough to compete in the Olympic Games. Unfortunately for China, there's a growing body of evidence pointing in the opposite direction, including online evidence a gumshoe hacker discovered lurking in the cache of Baidu, China's equivalent of Google.

If these allegations prove true, it would scarcely be the first time China has lied about the age of an athlete. In 2000—three years after the minimum qualifying age for Olympic Gymnastic competition was raised to 16—Chinese gymnast Yang Yun won a bronze medal for her performance on the uneven bars. Yang's passport showed her as 16 years old at the time, but the gymnast herself later admitted on Chinese national television that she and her coaches had lied about her age, and that she had been just 14 at the time. There's also evidence that Chinese gymnast Li Ya was just 13 when she competed at the World Championships in Anaheim back in 2003.</description>
<pubDate>Thu, 21 Aug 2008 03:36:02 +0000</pubDate>
</item>
<item>
<title>Intel Unveils Desktop Motherboard for Nettops</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27895</link>
<description>Offering more choice to entry-level desktop PC users, Intel Corporation today showcased a new desktop motherboard that packs a powerful price-performance value proposition. Running on the newly released 45nm dual-core Intel Atom Processor 330, the Intel Desktop Board D945GCLF2 “Essential Series” is the second generation of Intel’s most affordable and differentiated motherboard that integrates a single unit of compute with a microprocessor, chipset, motherboard and heat sink. Designed to specifically build nettops – a family of affordable desktops purpose built for Internet-centric usage models – the D945GCLF2 targets entry-level computer users in the emerging markets, as second or basic home PCs for mature markets, or customized for unique vertical usage models such as Internet kiosks, thin clients or POS (point-of-sale) systems.

We would like to remind you that Atom 330 was supposed to work at 1.6 GHz frequency, and the second core would have caused the TDP to be increased from 12 to 16W for the CPU and i945GSE chipset. Relatively high power consumption and heat dissipation would have made Atom processors suitable only for mini-desktop systems.</description>
<pubDate>Thu, 21 Aug 2008 03:34:58 +0000</pubDate>
</item>
<item>
<title>Adobe Flash ads launching clipboard hijack attack</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27894</link>
<description>Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks.

In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program.

According to victims on several Web forums, the attack is coming from Adobe Flash-based advertising on legitimate sites — including Newsweek, Digg and MSNBC.com.</description>
<pubDate>Thu, 21 Aug 2008 03:31:34 +0000</pubDate>
</item>
<item>
<title>Scientists design shield to prevent deadly pacemaker hijack</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27893</link>
<description>A 'cloaking' device that stops computer hackers maliciously hijacking pacemakers' radio signals could save lives, say scientists. Doctors are increasingly using wireless pacemakers to monitor the regulation of patients' heartbeats, and can even adjust the settings remotely.

But earlier this year a team of US scientists using a radio signal were able to simulate interference with the devices and claimed that, in theory, hijackers could shut them down or deliver potentially lethal electric shocks to millions of heart patients. 

Now Dr Tamara Denning, a computer scientist at the University of Washington in Seattle, has devised a cloaking device that is designed to resist any instructions that come from anyone other than the doctor.</description>
<pubDate>Thu, 21 Aug 2008 03:30:19 +0000</pubDate>
</item>
<item>
<title>JustHackIt: It's Like a Dating Site For Hackers</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27892</link>
<description>Got that hacking jones, but can't find anyone to hack with? Head on over to JustHackIt, a site aimed at developers that launched last night. It is a place for developers to find each other, work on projects, and maybe even start a company. Developers can post projects they want to do and search through postings from other hackers. The site describes itself this way:

The idea: Outside of Silicon Valley, lots of hackers are interested in web startups but don't have a plethora of available co-founders to start a company with. Even if you know other hackers, often there are times when you want to start a project but your friends are busy. So the idea is to connect people who want to build something RIGHT NOW. Ideas can be simple 1 page websites or complex Google competitors

It reads a bit like the personals section of Craigslist, but don't let that turn you off. Basically, it is a bulletin board for hackers. The problem is that it is too simplistic. Once you start a project, then what? Who owns it, how are any revenues or shares in a resulting company/site divvied up? </description>
<pubDate>Thu, 21 Aug 2008 03:29:25 +0000</pubDate>
</item>
<item>
<title>FEMA phones hacked; calls made to Mideast, Asia</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27891</link>
<description>A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.

The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski.

FEMA is part of Homeland Security, which in 2003 put out a warning about this very vulnerability. The voicemail system is new and recently was installed. It is a Private Branch Exchange, or PBX, a traditional corporate phone network that is used in thousands of companies and government offices. Many companies are moving to a higher tech version, known as Voice Over Internet Telephony.</description>
<pubDate>Thu, 21 Aug 2008 03:28:30 +0000</pubDate>
</item>
<item>
<title>Fake News Bulletin Spreads Malware</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27890</link>
<description>Hackers trying to plant malware on PCs have switched from touting CNN news in come-on messages to pushing breaking stories said to be from rival network MSNBC, security experts said today.

The fake messages pose with subject headings that include the phrase &quot;Breaking News,&quot; along with phony news story headlines, such as &quot;Jerry Yang relinquishes control over Yahoo,&quot; &quot;Mary-Kate Olsen responsible for Heath Ledger's death,&quot; and &quot;Plane crashes into prep school, hundreds of kids killed,&quot; said researchers at F-Secure Corp. and Sophos Plc.

Last week, security vendors had warned users of a massive scam that used messages masquerading as news alerts from CNN. At its peak, the blitz dumped nearly 11 million messages an hour on users.</description>
<pubDate>Thu, 21 Aug 2008 03:27:27 +0000</pubDate>
</item>
<item>
<title>Seven online-security blunders to avoid</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27889</link>
<description>By now most personal-computer users know not to post their Social Security numbers on the Internet or respond to Nigerian e-mails seeking help with suspicious bank-account transfers. But many people still make mistakes that compromise their computer's security or invite identity thieves.

&quot;You can't be too safe,&quot; said Jeff Fox, technology editor at Consumer Reports. People are more savvy today about online security, says Fox, &quot;but a lot more education is needed. You need to be street-smart, the way you are in the real world.&quot; In an interview with CNN, Fox listed seven common online blunders that make people vulnerable to viruses and theft, and offered tips on how to avoid them.</description>
<pubDate>Thu, 21 Aug 2008 03:26:30 +0000</pubDate>
</item>
<item>
<title>Japan warns of iPod fires</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27888</link>
<description>A rare defect in the first generation iPod nano is causing a consumer scare in Japan.

The Japanese Ministry of Economy, Trade and Industry is warning users after an investigation found that the player had been responsible for at least three fires. No major injuries were reported in any of the incidents.

The problem lies within the battery unit for the player. Certain units can be prone to overheating which can then lead to a fire. The issue is not believed to affect any other iPod models or later generations of the nano. Apple is trying to ease the fears of customers worried that their iPods may be the next to combust. The company said in a statement to the Wall Street Journal that the defect has been traced back to a single supplier and is only present in .001 per cent of the first generation nano model.</description>
<pubDate>Wed, 20 Aug 2008 01:59:31 +0000</pubDate>
</item>
<item>
<title>Mac clone maker Psystar: We're still in business</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27887</link>
<description>The Mac clone maker that has been sued by Apple Inc. thought it necessary last week to quell speculation that it is no longer shipping systems. The company also announced that it has started shipping recovery discs to customers by request to help them reinstall Apple's Mac OS X 10.5 operating system.

Psystar Corp., which began selling its Open Computer and OpenPro Computer clones in April, was hit with an Apple lawsuit about seven weeks ago that accused the company of multiple copyright and trademark infringement, breach of contract and unfair competition violations. 

Apple claimed Psystar's practice of installing Leopard on its machines violated the Mac OS X end-user licensing agreement (EULA). That license specifically bars users from installing the operating system on non-Apple hardware. &quot;You agree not to install, use or run the Apple software on any non-Apple-labeled computer, or to enable others to do so,&quot; the EULA reads. </description>
<pubDate>Wed, 20 Aug 2008 01:58:44 +0000</pubDate>
</item>
<item>
<title>Apple releases software fix for iPhone 3G connectivity woes</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27886</link>
<description>Apple Inc. has released an iPhone software update it says improves communication between the smart phone and wireless networks.

The iPhone 3G, which went on sale July 11, connects to cellular providers' speedier third-generation networks and was meant to deliver snappier web surfing and online video viewing than the year-old original model. But some customers who shelled out $199 for Apple's newest gizmo flocked to message boards in recent weeks, posting complaints about dropped calls and spotty wireless broadband connectivity.

Cupertino, Calif.-based Apple did not acknowledge a problem until Tuesday, and then provided few specifics about what, exactly, Monday evening's software update was designed to fix. The iPhone 2.0.2 software update &quot;improved communication with 3G networks,&quot; said Apple spokeswoman Jennifer Bowcock. </description>
<pubDate>Wed, 20 Aug 2008 01:57:56 +0000</pubDate>
</item>
<item>
<title>Microsoft pursues search improvements, sans Yahoo</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27885</link>
<description>While the company only has a 10 percent share of the search market with its Live Search technology, Microsoft has big plans to enhance its platform regardless of what happens with its now-dormant proposal to buy Yahoo.

At the Search Engine Strategies 2008 conference in San Jose, California, on Tuesday, Microsoft's Satya Nadella, vice president of the company's search, portal, and advertising platform group, discussed the company's goals for search but did not want to talk about the company's Yahoo plan. That planned acquisition has not panned out.

&quot;At this point we're focused on building our organic strategy,&quot; Nadella said when asked about Microsoft's current interest in Yahoo. Nadella emphasised that search has become easy but there is room for improvement.</description>
<pubDate>Wed, 20 Aug 2008 01:56:36 +0000</pubDate>
</item>
<item>
<title>IPv6 adoption moving at glacial pace</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27884</link>
<description>A study this week has revealed the slow rate of adoption for IPv6, the next version of the Internet's main communications protocol, and some experts say black markets where companies trade unused IP addresses may be only a few years away.

The report, from Arbor Networks, claims to be the most comprehensive study of IPv6 use to date. It includes few surprises for those who follow the area closely, but the results provide a sobering measure of how slowly the technology has been adopted.

&quot;At its peak, IPv6 represented less than one hundredth of 1% of Internet traffic&quot; over the past year, Arbor Networks' Chief Scientist Craig Labovitz wrote in a summary of the findings, adding wryly: &quot;This is somewhat equivalent to the allowed parts of contaminants in drinking water.&quot;</description>
<pubDate>Wed, 20 Aug 2008 01:56:00 +0000</pubDate>
</item>
<item>
<title>South African security site defaced</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27883</link>
<description>Local security company GTSP found itself on the wrong end of a hacker attack this week as its Web site was hacked by a Turkish hacker, called iSKORPiTX. Jacques van Heerden, owner of GTSP, says – while his site was compromised – none of his client data was located on the site server.

“We used Joomla!, which was not properly secure,” he says. “It has vulnerabilities, and one was exploited.” iSKORPiTX has carried out more than 200 000 hacker attacks in the last month, of which just over 180 000 were mass defacements. Today, by mid-morning, he had already done 30 hacks.</description>
<pubDate>Wed, 20 Aug 2008 01:55:23 +0000</pubDate>
</item>
<item>
<title>Kernel coding no picnic, says Torvalds</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=27882</link>
<description>Linux project lead Linus Torvalds has said it is not easy to become a major contributor to the Linux kernel.

In an email interview with ZDNet.com.au sister site ZDNet.co.uk last week, Torvalds said that, while it was relatively easy for coders and organisations to contribute small patches, the contribution of large patches, developed in isolation, could lead to both new and established contributors becoming frustrated.

&quot;It's definitely not easy to become a 'big contributor',&quot; wrote Torvalds. &quot;For one thing, the kernel is quite complex and big, and it inevitably simply takes time to learn all the rules, not just for the code, but for how the whole development environment works. Similarly, for a new developer, it will take time before people start recognising the name and start trusting the developer to do the right things.&quot;</description>
<pubDate>Wed, 20 Aug 2008 01:50:41 +0000</pubDate>
</item>
</channel>
</rss>
