<?xml version="1.0" encoding="ISO-8859-1"?>

<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel>
<title>Hack In The Box</title>
<pubDate>Thu, 11 Mar 2010 01:26:02 +0000</pubDate>
<link>http://hackinthebox.org/</link>
<description>Hack In The Box Backend</description>
<language>en-us</language>
<image>
 <title>Hack In The Box</title>
 <url>http://hackinthebox.org/images/hitb.gif</url>
 <link>http://hackinthebox.org/</link>
</image>
<webMaster>dhillon.kannabhira&#110;&#064;&#104;ackinthebox.org</webMaster>
<item>
<title>8 weird but cool Android apps</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35400</link>
<description>So you told your boss that you bought your Android smartphone so that you could track your business calls, be more effective when traveling for your company, have easy access to Gmail and keep your organization's Twitter feed current. But we know what's really going on -- you got that smartphone because it was cool and because you wanted to play with all the apps. (And possibly because it wasn't Apple or AT&amp;T.)

Just for the heck of it, I've gathered eight free apps that are just plain fun to use. A couple of them are also actually useful; another two are sort of useful (if you stretch the point a bit); the last four are just there to play with.</description>
<pubDate>Thu, 11 Mar 2010 01:26:02 +0000</pubDate>
</item>
<item>
<title>Schneier: Fight for privacy or kiss it good-bye</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35399</link>
<description>If the public wants online privacy it had better fight now for laws to protect it because businesses won't and individuals don't have the clout, security expert Bruce Schneier told RSA Conference.

The longer information-privacy policies go unset, the more likely it is that they never will be set, says Schneier, an author of books about security and CTO of security consultant BT Counterpane. As young people grow up with broad swaths of information about them in the public domain, they will lose any sense of privacy that older generations have.

And they will have no appreciation that lack of privacy shifts power over their lives from themselves to businesses or governments that do control their information. Laws protecting digital data that is routinely gathered about people are needed, he says. &quot;The only lever that works is the legal lever,&quot; he says. &quot;How can we expect the younger generation to do this when they don't even know the problem?&quot;</description>
<pubDate>Thu, 11 Mar 2010 01:22:17 +0000</pubDate>
</item>
<item>
<title>Soft skills lacking in candidate-rich market</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35398</link>
<description>Recruitment firm Kelly Services says demand for skilled and experienced IT professionals continues, despite recent economic conditions.

Late last year, Kelly Services conducted a workplace survey in 12 countries, including New Zealand, polling senior IT decision makers across many industries.

In the New Zealand survey, approximately 71 percent of respondents reported an increase or no change in demand for IT staff. This was little different from Kelly Services' previous survey, carried out in July 2008, when 80 percent of respondents described the effects of the then-IT skills shortage as moderate to severe.</description>
<pubDate>Thu, 11 Mar 2010 01:21:39 +0000</pubDate>
</item>
<item>
<title>Zeus Botnet Dealt a Blow as ISP Troyak Knocked out</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35397</link>
<description>Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.

Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.

The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. &quot;There's lots of Zeus and Fragus exploit kit [sites],&quot; he said. Whoever was behind the takedown &quot;just decided to knock out a large area of cybercrime, and this was probably one of the easiest ways to do it.&quot;</description>
<pubDate>Thu, 11 Mar 2010 01:20:16 +0000</pubDate>
</item>
<item>
<title>Twitter Becomes More Proactive About Phishing</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35396</link>
<description>Twitter is finally being proactive about the large number of phishing scams that have plagued the micro-blogging service in the past year. On Wednesday, Twitter introduced its own anti-phishing service designed to protect its users from these types of attacks. The new security measures will focus on Twitter direct messages (DMs) -- private tweets addressed to a specific user -- and corresponding e-mail notifications. Twitter believes DMs are the primary source of Twitter-based phishing attacks, and has not yet announced any plans to extend the new service to regular Twitter messages.

DMs will now be routed through Twitter's anti-phishing service to &quot;detect, intercept, and prevent the spread of bad links,&quot; Del Harvey, director of Twitter's trust and safety team, wrote in a recent blog post. After Twitter has approved a link, it will be delivered to users via a new 'twit.tl' URL instead of bit.ly, tinyURL or other link-shortening services. Twitter also claims that if a bad link gets through to a user via e-mail, the company would still &quot;be able to keep that user safe.&quot;</description>
<pubDate>Thu, 11 Mar 2010 01:19:41 +0000</pubDate>
</item>
<item>
<title>Google Street View to cover 96 per cent of UK roads from tomorrow</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35395</link>
<description>Google will make a further 210,000 miles of UK roads available for your perusal on Street View this Thursday, adding to the 28,000 miles that are currently shown. That means you'll be able to see about 96 per cent of this leafy land's approximately 246,985 miles of thoroughfares.

Twenty-four perfectly respectable UK settlements, as well as Sc**thorpe, enjoyed the Street View treatment when it launched in Blighty in March last year. Now you'll be able to virtually visit cities and hamlets -- at least the ones where the Google Street View car hasn't been forced to beat a speedy retreat by a pitchfork-wielding posse -- from Cornwall to the Shetlands.</description>
<pubDate>Thu, 11 Mar 2010 01:19:03 +0000</pubDate>
</item>
<item>
<title>EFF knocks Apple's 'secret' restrictive developer agreement </title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35394</link>
<description>The first rule of Apple's App Club is: You do not talk about App Club. Any developer who writes an app for the App Store is forbidden from making any public statements about the iPhone Developer Program Licensing Agreement.

Second rule of App Club is: Said developers also can't sell their apps to other app stores, even if that app is eventually rejected by Apple. Third rule of App Club: You can't reverse engineer anything having to do with the App Store software development kit (SDK) or the iPhone OS.

Fourth rule: Apple retains the right to remove your app from the App Store at any time, for any reason. (Hello, Hottest Girls app; goodbye, Hottest Girls app.) Fifth rule: If you're sued because of your app, or if Apple screws up the app to the point where you lose money and/or customers, Steve Jobs' company is liable for only a whopping US$50 in damages -- an Apple self-insurance deductible, as it were.</description>
<pubDate>Thu, 11 Mar 2010 01:18:34 +0000</pubDate>
</item>
<item>
<title>Douglas Duchak charged over bid to damage US security database </title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35393</link>
<description>A Colorado man has been charged with trying to sabotage a U.S. security database that holds sensitive information used for screening air travelers, the Justice Department said on Wednesday.

Douglas Duchak, 46, had worked at a Transportation Security Administration operations center for five years, updating its computers with data from the Terrorist Screening Database and the U.S. Marshal's Service Warrant Information Network.

The TSA is primarily responsible for screening passengers at U.S. airports and uses information from intelligence and law enforcement agencies to prevent people who pose a threat from boarding commercial flights. The agency has come under new pressure to ramp up security in the wake of a failed plot in late December to blow up a U.S. commercial jetliner.</description>
<pubDate>Thu, 11 Mar 2010 01:15:50 +0000</pubDate>
</item>
<item>
<title>No-Fly List Includes the Dead</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35392</link>
<description>You may be dying, figuratively, to get off the government’s no-fly list, but death won’t guarantee removal.

The government’s no-fly list includes the names of dead suspects to help catch people who may try to assume the suspect’s identity, according to government officials who spoke with The Associated Press.

The no-fly list has been shrouded in mystery since it was first developed after the 9/11 attacks. How people get on the list or get off it has been a closely guarded secret, with only bits of information made public during congressional hearings. The AP has pieced together the broad steps it takes for someone to get on the list, and some of the changes the list has undergone since it was created nine years ago.</description>
<pubDate>Thu, 11 Mar 2010 01:14:23 +0000</pubDate>
</item>
<item>
<title>New Gestures coming to iPhone/iPad: Triple tap and long press</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35391</link>
<description>On the surface, the latest iPhone 3.2 Beta 4 SDK didn't have much new information.  Diving a little deeper however, we find some very exciting news.  

In the gestures folder, you'll see two new types of commands (3Tap.plist and LongPress.plist) that are certainly not implemented in the current 3.1 iPhone SDK.  Apple is likely allowing developers to use these capabilities in the next versions of the OS.  We might even see these in the shipping version of the iPad.</description>
<pubDate>Thu, 11 Mar 2010 01:08:59 +0000</pubDate>
</item>
<item>
<title>No Trace: How to Completely Erase Your Hard Drives, SSDs and USB Drives</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35390</link>
<description>With stories abounding of identity theft aided by information lifted from discarded storage devices, you want devices you no longer plan to use to have no usable information when they head out the door. Here's how to wipe them clean.

Sure, you could erase the contents of the drive, but keep this in mind: the act of erasing a file does not remove it from a storage device.

When you erase/delete a file from your computer, it's not really gone until the areas of the disk it used are overwritten by new information. If you use the normal Windows delete function, the &quot;deleted&quot; file is sent to the Recycle Bin until the space it uses is required by other files. If you use Shift-Delete to bypass the Recycle Bin, the space occupied by the file is marked as available for other files. However, the file could be recovered days or even weeks later with third-party data recovery software. As long as the operating system does not reuse the space occupied by a file with another file, the &quot;deleted&quot; file can be recovered.</description>
<pubDate>Thu, 11 Mar 2010 01:07:53 +0000</pubDate>
</item>
<item>
<title>How deep can Intel get inside the smart grid?</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35389</link>
<description>I think a lot about which companies that I’ve been covering for zillions of years will be around 10 years from now, as the Internet moves into its next phase of innovation around things like machine to machine communications, which is sort of personified in the smart grid. If you think Microsoft and IBM and Hewlett-Packard are invincible, pause a moment to memorialize Digital Equipment Corp.

Clearly, many of the legacy IT companies — IBM, Microsoft, SAP, Oracle, to name a few — are all over the whole intelligent utility market like a bad suit. But what about that other kingpin of the personal computing movement, Intel, the company of the famous “Inside” motto. Clearly, the company hopes to be deep inside the smart grid.</description>
<pubDate>Thu, 11 Mar 2010 01:06:33 +0000</pubDate>
</item>
<item>
<title>ARM Expects 50 Tablet Devices to Hit the Market This Year</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35388</link>
<description>ARM, a leading developer of microprocessor technologies for portable and consumer electronics, said at a press conference on Wednesday that around 50 tablet PC devices akin to the Apple iPad will be released worldwide this year. While analysts agree that many slate-type PCs may be launched, far from all of them will be successful.

“The first tablet devices will launch in the second quarter by [mobile network] carriers. You will see a lot more in the third quarter,” said Roy Chen, ARM's worldwide mobile computing ODM manager, during a press meeting in Taipei, reports IDG News Services.

There are so many tablet PCs incoming that ARM even had to book additional space at the Computex Taipei trade show to demonstrate all the products, many of which will be launched by small companies that can hardly advertise their devices efficiently and do not have an established brand among consumers.</description>
<pubDate>Thu, 11 Mar 2010 01:05:52 +0000</pubDate>
</item>
<item>
<title>Sun’s open source chief leaves after Oracle merger</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35387</link>
<description>Sun's chief open source officer, Simon Phipps, has left the company following its acquisition by Oracle, the executive announced in his blog Tuesday.
 
&quot;Today is my last day of employment at Sun (well, it became Oracle on March 1st in the UK but you know what I mean),&quot; Phipps wrote. &quot;I am a few months short of my 10th anniversary there (I joined at JavaOne in 2000) and my 5th anniversary as Chief Open Source Officer.&quot; With the acquisition of Sun, Oracle is poised to become what some analysts think is the industry's most powerful open source vendor. But it will chart a new path in open source without Phipps.
 
Phipps looks back fondly at successes at Sun, but admits some regrets for goals left unaccomplished. Phipps wrote that he and his colleagues &quot;achieved some amazing things&quot; such as changing Sun's attitude toward open source, kick-starting the &quot;corporate blogging revolution&quot; with Blogs.Sun.com, and releasing software such as Java under free licenses.</description>
<pubDate>Thu, 11 Mar 2010 00:59:44 +0000</pubDate>
</item>
<item>
<title>Turkish police detain 23 PKK hackers in 13 provinces</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35386</link>
<description>Police have detained 23 suspects in operations in 13 provinces, charging them with membership in a terror organization and attacking public institutions’ Web sites, the daily Radikal reported Wednesday.

The suspects, allegedly members of the outlawed Kurdistan Workers’ Party, or PKK, were taken to Diyarbak&#305;r for questioning. The investigation of this case was still continuing when the Daily News went to print. A hacker team for the outlawed organization was captured previously, but the members reorganized and attacked roughly 300 Web sites belonging to public institutions.</description>
<pubDate>Thu, 11 Mar 2010 00:58:08 +0000</pubDate>
</item>
<item>
<title>Reader exploit prompts Adobe update alert</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35385</link>
<description>Users of Adobe PDF Reader should check they are running the latest version of the software after the discovery of an exploit that takes advantage of a serious flaw patched only three weeks ago.

According to Microsoft's Threat Research and Response blog, its researchers have discovered a circulating PDF-based attack that hooks into the publicised flaw, CVE-2010-0188, to download a Trojan backdoor capable of taking control of the affected system.

The warning relates mainly to Adobe Acrobat and Reader up to 9.3.0 for Windows, Apple and Unix. Older versions of Acrobat and Reader, 8.2.0 (used by anyone unable to update to 9.3.x), are also affected on Windows and Apple and should be patched to 8.2.1.</description>
<pubDate>Thu, 11 Mar 2010 00:57:21 +0000</pubDate>
</item>
<item>
<title>Android native development kit updated</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35384</link>
<description>Developers of the Google-backed Android mobile application platform have released revision 3 of Android NDK (Native Development Kit), which complements Android SDK by enabling developers to build performance-critical portions of an application in native code.
 
Release of NDK r3 was noted in a posting on the Android Developer Blog on Monday. Version 3 includes OpenGL ES (Open Graphics Library for Embedded Systems) 2.0 native library support. Also featured is a sample application making use of OpenGL ES 2.0 vertex and fragment shaders.
 
&quot;[OpenGL ES 2.0] brings the ability to control graphics rendering through vertex and fragment shader programs using the GLSL shading language,&quot; said David Turner, a member of the Google technical staff, in the Android Developer Blog.</description>
<pubDate>Thu, 11 Mar 2010 00:56:34 +0000</pubDate>
</item>
<item>
<title>Four over-rated security technologies</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35383</link>
<description>The security community has grown to depend on some basic technologies in the fight against cyber thieves, such as antivirus software and firewalls. But are practitioners clinging to tools that outlived their usefulness long ago? Were those tools ever really useful to begin with? 

CSOonline.com recently conducted an unscientific survey on the matter, asking those questions to a variety of security forums on LinkedIn and following it up with e-mails and phone conversations. What follows are four technologies several cited as overrated in today's security fight.
 
We'll follow up next week with security technologies many believe are underrated. It's safe to predict that some of the technologies on this list will also appear there.</description>
<pubDate>Thu, 11 Mar 2010 00:52:14 +0000</pubDate>
</item>
<item>
<title>The top 10 geek anthems of all time</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35382</link>
<description>Geeks rock.

When Buddy Holly jerked onstage as a bespectacled counterpoint to the pelvis-swiveling cool of Elvis, it carved out a spot in rock and pop music for the kids more inclined to admire Stephen Hawking than Steven Tyler or Bill Gates than Billy Idol.

The South by Southwest Interactive conference kicks off Friday in Austin, Texas, offering up as pure a convergence of geek and rock sensibilities as you're apt to find. Started in 1987 to showcase Austin's burgeoning alt-rock scene, South by Southwest added interactive and film gatherings in 1994.</description>
<pubDate>Thu, 11 Mar 2010 00:51:31 +0000</pubDate>
</item>
<item>
<title>LED lights may be the future of broadband</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35381</link>
<description>German scientists say they've created a data connection that uses light produced by lamps to encode a wireless broadband signal.

The researchers, led by Jelena Vucic of the Fraunhofer Institute for Telecommunications at the Heinrich-Hertz-Institute in Berlin, say getting a broadband connection might be as simple as turning on a lamp.

Currently, most wireless connections are achieved through a radio-frequency WiFi connection. But the scientists say WiFi has limited bandwidth, and it's unclear where to find more in the already-crowded radio spectrum. By contrast, they say visible-frequency wireless has all the bandwidth one could want.</description>
<pubDate>Thu, 11 Mar 2010 00:50:53 +0000</pubDate>
</item>
<item>
<title>Our Apps Are Vulnerable -- And Constantly Attacked</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35380</link>
<description>If you worry that your organization's applications are vulnerable to attack, then you're not alone, according to study results released yesterday.

In a survey at the RSA Conference 2010 in San Francisco last week, researchers from security vendor Fortify found that most security pros are stressed about potential attacks on their apps.

In fact, 73 percent of respondents thought the applications in their companies had vulnerabilities that hackers could exploit. In fact, most agreed it would be &quot;ignorant&quot; to say they didn't. Twenty-six percent said they either did not know the answer or did not want to disclose the information.</description>
<pubDate>Thu, 11 Mar 2010 00:49:51 +0000</pubDate>
</item>
<item>
<title>'Jihad Jane' Exposes Web's Dark Side</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35379</link>
<description>News flash: Terrorists are using the Internet to communicate and recruit fresh blood to their ranks.

OK, not exactly news, and certainly not a revelation to anyone who frequents this site. Hard to believe it's been almost a year since Shannen Rossmiller outlined her own online jihadi-hunting ventures on IE Radio, and talked about the dark side of the global phenomenon that is the Internet.

Women and terrorism are back in the headlines again this week, but on the opposite side from where Rossmiller sits. Colleen &quot;Jihad Jane&quot; LaRose was formally charged this week with agreeing to carry out murder overseas and providing material support to terrorists and using email, YouTube videos, and phony documents to get the job done.</description>
<pubDate>Thu, 11 Mar 2010 00:49:02 +0000</pubDate>
</item>
<item>
<title>New Zealand's internet filter goes live</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35378</link>
<description>The Department of Internal Affairs' (DIA) internet filter is now operational and is being used by internet providers (ISPs) Maxnet and Watchdog. Thomas Beagle, spokesperson for online freedom lobby Tech Liberty says he's &quot;very disappointed that the filter is now running, it's a sad day for the New Zealand internet&quot;.

He told Computerworld the filter went live on February 1 but DIA has delayed announcing that until it held a meeting with its Independent Reference Group. He says he's disappointed the launch was conducted in such a &quot;stealthy mode&quot;.

The manager of the Department of Internal Affairs' Censorship Compliance Unit, Steve O'Brien, denies any subterfuge in the launch, saying the trial has been going on for two years and that has been communicated to media for &quot;quite some time&quot;.</description>
<pubDate>Thu, 11 Mar 2010 00:48:07 +0000</pubDate>
</item>
<item>
<title>12% of employees knowingly violate company IT policies</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35377</link>
<description>By now, it's practically a mantra that the biggest problem with corporate IT security is the employees themselves. However, we usually assume that's due to ignorant users or poorly enforced policies. Not so for a chunk of the US working population—according to a survey conducted by Harris Interactive, 12 percent admitted to knowingly violating IT policy in order to get work done.

The survey of 1,347 employed adults was conducted on behalf of Fiberlink, a company that hawks services that &quot;help enterprises connect, control and secure laptops and mobile devices.&quot; Needless to say, the survey results fit perfectly into the company's agenda, but they are hardly surprising. After all, how many of us know someone who has left a work laptop in an unattended vehicle, sent unencrypted e-mails without permission, or reused the same three passwords over and over instead of choosing new ones every 90 days?</description>
<pubDate>Thu, 11 Mar 2010 00:47:30 +0000</pubDate>
</item>
<item>
<title>F-Secure: Hackers love to exploit PDF bugs</title>
<link>http://hackinthebox.org/index.php?name=News&amp;file=article&amp;sid=35376</link>
<description>Hackers adore Adobe Reader, and have pushed it into first place as the software most often exploited in targeted attacks, a Finnish security company said today.

Helsinki-based F-Secure also urged users to update to the newest version of Reader to protect themselves against new attacks taking advantage of a vulnerability patched just three weeks ago.

According to F-Secure, 61% of the nearly 900 targeted attacks it's tracked in the first two months of 2010 exploited a vulnerability in Reader, Adobe's popular PDF viewer. By comparison, Microsoft's Word was exploited in just 24% of the attacks, and bugs in its Excel spreadsheet and PowerPoint presentation maker were leveraged only a combined 14% of the time.</description>
<pubDate>Thu, 11 Mar 2010 00:46:54 +0000</pubDate>
</item>
</channel>
</rss>
