http://conference.hitb.org/hitbsecconf2008kl/



hackinthebox

Past Articles
Wednesday, August 20
·Apple releases software fix for iPhone 3G connectivity woes (0)
·Microsoft pursues search improvements, sans Yahoo (0)
·IPv6 adoption moving at glacial pace (0)
·South African security site defaced  (0)
·Kernel coding no picnic, says Torvalds (0)
·Researchers Isolate Microorganisms That Convert Hydrocarbons to Natural Gas (0)
·IE 8 to get ‘porn mode’? (0)
·Hackers disable Apple’s iPhone app kill switch (0)
·China busts hacking ring that managed to penetrate 10 gov’t databases (0)
·Android security team appeals to hackers (0)
·Competitor Tells Paper, Not Rival, About Security Flaw  (0)
·India figures in top 10 spammers' list (0)
·Ten ways improve Vista's security (0)
·Judge lifts gag on students over transit security (0)
·Intel Offers Details Of Core Successor 'Nehalem'  (0)
·Brazilian hackers make Olympic disappointment known  (0)
Tuesday, August 19
·Malaysia's Packet One launches WiMax service (0)
·Apple battles iPhone 3G glitch that drops calls and kills battery life (0)
·Wi-Fi tweaks for speed freaks (0)
·Who Says You Need Four Cores? (0)
·File-sharing fine could open floodgates for prosecutions (0)
·Fifteen years of Debian (0)
·Data security: What the law requires of IT (0)
·US military blocking access to Olympic sites  (0)
·KDDI glitch sent e-mail for Japan consulate in H.K. to 3rd parties+ (0)
·Cyber Warfare, from Theory to Reality (0)
·RIAA, KaZaA user settle 3-year-old lawsuit for $6,050 (0)
·10 IT skills employers need today (0)
·Symantec to buy PC Tools  (0)
·Apple iPhone 2.0.2 update released (0)

Apple's MobileMe lacks key security feature
Posted by l33tdawg on Thursday, August 21, 2008 - 03:56 AM (Reads: 71)
Source: Computer World



Users of Apple's MobileMe have already discovered that the US$99-per-year service is sometimes slow and unreliable, and they're now talking about another shortcoming that was intentional.

MobileMe allows users to synchronize e-mail, calendar and contact information among various devices over the Internet. Although the log-in process for MobileMe is encrypted, Apple does not encrypt data that users send from browsers through MobileMe. The lack of SSL (Secure Sockets Layer) or any other form of encryption means that if a MobileMe user is connected to the Internet via a Wi-Fi hotspot, someone else connected to the same hotspot could relatively easily see all the data that the MobileMe user sends.

"Seems like a pretty major omission for a service that's specifically aimed at roaming users," wrote a person called ShepUK on the Macrumors forum. He called the lack of SSL encryption a deal breaker for him.


Deep packet inspection testing methodology - Videos and documentation
Posted by l33tdawg on Thursday, August 21, 2008 - 03:54 AM (Reads: 70)
Source: Help Net Security



BreakingPoint Systems released a detailed test methodology and video series that enables network engineers to test the deep packet inspection (DPI) features of content-aware network devices.

DPI functionality allows network devices such as content-aware switches and routers, next generation firewalls, intrusion prevention systems (IPS), and application delivery controllers to inspect and take action based on the contents and context of packets as they travel across the network. DPI is heavily leveraged in helping to prevent buffer overflow attacks, denial of service (DoS) attacks and intrusions. Effective testing of DPI functionality requires an authentic blend of application traffic, combined with live security strikes, at speeds of 10 gigabits per second.


AMD preps low-powered Atom killer
Posted by l33tdawg on Thursday, August 21, 2008 - 03:52 AM (Reads: 67)
Source: Windows for Devices



While Intel steals the limelight with its Intel Developer Forum (IDF) this week, AMD quietly prepared its own competitor to Intel's Atom. The CPU, likely named the "Sempron BGA," looks set to debut in October on a 3.5-inch SBC (single board computer) from Taiwanese manufacturer iBase.

For several months now, the blogosphere has been alive with reports of an AMD processor, reportedly code-named "Bobcat" and also referred to as the "K8 BGA" or Sempron BGA. The CPU has been rumored to use AMD's Sempron core, clocked down to 1.0GHz or 1.5GHz, and offered in a 27mm x 27mm BGA (ball grid array) package for installation in "nettops" and other low-cost devices. Dissipating about eight Watts, the Sempron BGA will reportedly include an integrated memory controller, 128KB of L1 cache, 256KB of L2 cache, support for 400MHz DDR2 RAM, and an 800MHz HyperTransport link.


Cyberwar isn't a grand struggle - it's a scary prospect of pure chaos
Posted by l33tdawg on Thursday, August 21, 2008 - 03:51 AM (Reads: 74)
Source: The Guardian



When Russian tanks rolled into Georgia, it brought back memories of Soviet-era military conquest - a reminder of the cold war. But whether by accident or design, the fight for South Ossetia appears to have given us a taste of the future as well, with internet attacks on Georgian computer systems resulting in theories about 21st-century warfare spilling out everywhere. The BBC said the situation represented a "virtual echo of battles being fought on the ground", while Slate.com's Evgeny Morozov even enlisted as a Russian cybersoldier to see what was really happening. But while the past fortnight has seen plenty of conjecture, there's been very little hard evidence about the conflict that's taking place in cyberspace.

We do know a few things, though. After the military situation escalated, some prominent Georgian websites came under attack - though right now we cannot quite be sure where the strikes came from. We also know that the Georgian government enlisted the help of the regional experts in Estonia (themselves hardly bosom pals with Russia) as well as using the might of Google as a deterrent by shifting some important government websites on to Blogger.com.


American Airlines introduces in-flight Internet access
Posted by l33tdawg on Thursday, August 21, 2008 - 03:49 AM (Reads: 55)
Source: LA Times



One of the few remaining Internet-free havens vanished Wednesday as American Airlines launched airborne e-mail, Web and other online services on some of its longer nonstop flights.

The move could create a new stream of revenue for an aviation industry facing high fuel prices and other challenges. But it also could create new headaches as passengers retrieve sensitive e-mails and websites in confined quarters.

It also could end a common excuse people have to avoid checking "urgent" e-mail requests from their bosses. American, a unit of Fort Worth-based AMR Corp., tested in-flight Internet access on two flights June 25. With Wednesday's launch, the airline is making service available for $12.95 per flight on its 15 Boeing 767-200 planes connecting New York with Los Angeles, San Francisco and Miami.


International travellers face computer searches at UK Customs
Posted by l33tdawg on Thursday, August 21, 2008 - 03:48 AM (Reads: 57)
Source: Computer Weekly



International travellers face having their laptop computers, mobile phones, iPods and USB memory sticks scanned and copied at will by customs officials under a proposed global anti-counterfeiting trade deal.

Japan and the US are pushing for the so-called Anti-Counterfeiting Trade Agreement (ACTA) to be finalised by the end of the year. Participants have kept details of the agreement secret but information has emerged in consultation papers published by an Australian copyright trade body, the Australian Digital Alliance.

A submission by ADA to the Australian government revealed proposals to extend customs' powers to search, seize and destroy material that infringed copyright and the facilities used to produce the copies. Other proposals were to criminalise infringements and to open infringers to higher fines and claims for damages.


FCC Orders Comcast to Stop Blocking Some Large Files
Posted by l33tdawg on Thursday, August 21, 2008 - 03:47 AM (Reads: 57)
Source: Washington Post



Comcast is testing new technologies that would slow the transmission of Internet files for its biggest users by as much as 20 minutes during times of heavy network congestion. But the nation's largest cable provider has promised not to target specific content, such as video files that compete with its cable television business.

The tests come as the Federal Communications Commission yesterday released an order that forces Comcast to stop its earlier efforts to block transmission of certain Internet files, a ruling that public interest groups hailed, saying it would prevent network operators from acting as gatekeepers of the Web.

Comcast didn't respond to details of the FCC's order, but spokeswoman Sena Fitzmaurice said, "We are examining the order and will evaluate our next step."


One Sleepless Night Increases Dopamine In The Human Brain
Posted by l33tdawg on Thursday, August 21, 2008 - 03:39 AM (Reads: 68)
Source: Science Daily



Just one night without sleep can increase the amount of the chemical dopamine in the human brain, according to new imaging research in the August 20 issue of The Journal of Neuroscience. Because drugs that increase dopamine, like amphetamines, promote wakefulness, the findings offer a potential mechanism explaining how the brain helps people stay awake despite the urge to sleep.

However, the study also shows that the increase in dopamine cannot compensate for the cognitive deficits caused by sleep deprivation.

"This is the first time that a study provides evidence that in the human brain, dopamine is involved in the adaptations that result from sleep deprivation," said Nora Volkow, MD, director of the National Institute on Drug Abuse, who led the study.


Scent Of Skin Cancer Discovered
Posted by l33tdawg on Thursday, August 21, 2008 - 03:38 AM (Reads: 59)
Source: Science Daily



According to new research from the Monell Center, odors from skin can be used to identify basal cell carcinoma, the most common form of skin cancer. The findings, presented at the 236th meeting of the American Chemical Society, may open doors to development of new methods to detect basal cell carcinoma and other forms of skin cancer.

The researchers sampled air above basal cell tumors and found a different profile of chemical compounds compared to skin located at the same sites in healthy control subjects. "Our findings may someday allow doctors to screen for and diagnose skin cancers at very early stages," said Michelle Gallagher, PhD.

Human skin produces numerous airborne chemical molecules known as volatile organic compounds, or VOCs, many of which are odorous. In the study presented at the ACS, the researchers obtained VOC profiles from basal cell carcinoma sites in 11 patients and compared them to profiles from similar skin sites in 11 healthy controls.


Open source and the ‘fear factor’ mentality
Posted by l33tdawg on Thursday, August 21, 2008 - 03:36 AM (Reads: 68)
Source: ZDNet (Blog)



In the current economic climate, businesses of every size are looking to reduce their spending wherever possible. Open source software, which has no upfront licensing fees, is one way of achieving significant savings.

However, in order to protect their enormous revenue streams, large software corporations have invested millions in spreading fear, uncertainty, and doubt (FUD) about the security of open source software. In this post, I will examine and debunk five commonly held myths about open source security and why large corporations are promoting a “fear factor” mentality around open source software.


Baidu cache offers more evidence of underage Chinese gymnasts
Posted by l33tdawg on Thursday, August 21, 2008 - 03:36 AM (Reads: 59)
Source: Arstechnica



One of the controversies that's been swirling around the Chinese Olympic Games since they began is the age of several of China's gymnasts. According to Chinese officials (and, of course, official passports and ID cards), both He Kexin and Jiang Yuyuan are 16, and therefore old enough to compete in the Olympic Games. Unfortunately for China, there's a growing body of evidence pointing in the opposite direction, including online evidence a gumshoe hacker discovered lurking in the cache of Baidu, China's equivalent of Google.

If these allegations prove true, it would scarcely be the first time China has lied about the age of an athlete. In 2000—three years after the minimum qualifying age for Olympic Gymnastic competition was raised to 16—Chinese gymnast Yang Yun won a bronze medal for her performance on the uneven bars. Yang's passport showed her as 16 years old at the time, but the gymnast herself later admitted on Chinese national television that she and her coaches had lied about her age, and that she had been just 14 at the time. There's also evidence that Chinese gymnast Li Ya was just 13 when she competed at the World Championships in Anaheim back in 2003.


Intel Unveils Desktop Motherboard for Nettops
Posted by l33tdawg on Thursday, August 21, 2008 - 03:34 AM (Reads: 76)
Source: X-bit Labs



Offering more choice to entry-level desktop PC users, Intel Corporation today showcased a new desktop motherboard that packs a powerful price-performance value proposition. Running on the newly released 45nm dual-core Intel Atom Processor 330, the Intel Desktop Board D945GCLF2 “Essential Series” is the second generation of Intel’s most affordable and differentiated motherboard that integrates a single unit of compute with a microprocessor, chipset, motherboard and heat sink. Designed to specifically build nettops – a family of affordable desktops purpose built for Internet-centric usage models – the D945GCLF2 targets entry-level computer users in the emerging markets, as second or basic home PCs for mature markets, or customized for unique vertical usage models such as Internet kiosks, thin clients or POS (point-of-sale) systems.

We would like to remind you that Atom 330 was supposed to work at 1.6 GHz frequency, and the second core would have caused the TDP to be increased from 12 to 16W for the CPU and i945GSE chipset. Relatively high power consumption and heat dissipation would have made Atom processors suitable only for mini-desktop systems.


Adobe Flash ads launching clipboard hijack attack
Posted by l33tdawg on Thursday, August 21, 2008 - 03:31 AM (Reads: 70)
Source: ZDNet (Blog)



Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks.

In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program.

According to victims on several Web forums, the attack is coming from Adobe Flash-based advertising on legitimate sites — including Newsweek, Digg and MSNBC.com.


Scientists design shield to prevent deadly pacemaker hijack
Posted by l33tdawg on Thursday, August 21, 2008 - 03:30 AM (Reads: 56)
Source: Daily Mail (UK)



A 'cloaking' device that stops computer hackers maliciously hijacking pacemakers' radio signals could save lives, say scientists. Doctors are increasingly using wireless pacemakers to monitor the regulation of patients' heartbeats, and can even adjust the settings remotely.

But earlier this year a team of US scientists using a radio signal were able to simulate interference with the devices and claimed that, in theory, hijackers could shut them down or deliver potentially lethal electric shocks to millions of heart patients.

Now Dr Tamara Denning, a computer scientist at the University of Washington in Seattle, has devised a cloaking device that is designed to resist any instructions that come from anyone other than the doctor.


JustHackIt: It's Like a Dating Site For Hackers
Posted by l33tdawg on Thursday, August 21, 2008 - 03:29 AM (Reads: 77)
Source: Washington Post



Got that hacking jones, but can't find anyone to hack with? Head on over to JustHackIt, a site aimed at developers that launched last night. It is a place for developers to find each other, work on projects, and maybe even start a company. Developers can post projects they want to do and search through postings from other hackers. The site describes itself this way:

The idea: Outside of Silicon Valley, lots of hackers are interested in web startups but don't have a plethora of available co-founders to start a company with. Even if you know other hackers, often there are times when you want to start a project but your friends are busy. So the idea is to connect people who want to build something RIGHT NOW. Ideas can be simple 1 page websites or complex Google competitors.

It reads a bit like the personals section of Craigslist, but don't let that turn you off. Basically, it is a bulletin board for hackers. The problem is that it is too simplistic. Once you start a project, then what? Who owns it, how are any revenues or shares in a resulting company/site divvied up?


FEMA phones hacked; calls made to Mideast, Asia
Posted by l33tdawg on Thursday, August 21, 2008 - 03:28 AM (Reads: 59)
Source: Associated Press



A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.

The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski.

FEMA is part of Homeland Security, which in 2003 put out a warning about this very vulnerability. The voicemail system is new and recently was installed. It is a Private Branch Exchange, or PBX, a traditional corporate phone network that is used in thousands of companies and government offices. Many companies are moving to a higher tech version, known as Voice Over Internet Telephony.


Fake News Bulletin Spreads Malware
Posted by l33tdawg on Thursday, August 21, 2008 - 03:27 AM (Reads: 62)
Source: PC World



Hackers trying to plant malware on PCs have switched from touting CNN news in come-on messages to pushing breaking stories said to be from rival network MSNBC, security experts said today.

The fake messages pose with subject headings that include the phrase "Breaking News," along with phony news story headlines, such as "Jerry Yang relinquishes control over Yahoo," "Mary-Kate Olsen responsible for Heath Ledger's death," and "Plane crashes into prep school, hundreds of kids killed," said researchers at F-Secure Corp. and Sophos Plc.

Last week, security vendors had warned users of a massive scam that used messages masquerading as news alerts from CNN. At its peak, the blitz dumped nearly 11 million messages an hour on users.


Seven online-security blunders to avoid
Posted by l33tdawg on Thursday, August 21, 2008 - 03:26 AM (Reads: 75)
Source: CNN



By now most personal-computer users know not to post their Social Security numbers on the Internet or respond to Nigerian e-mails seeking help with suspicious bank-account transfers. But many people still make mistakes that compromise their computer's security or invite identity thieves.

"You can't be too safe," said Jeff Fox, technology editor at Consumer Reports. People are more savvy today about online security, says Fox, "but a lot more education is needed. You need to be street-smart, the way you are in the real world." In an interview with CNN, Fox listed seven common online blunders that make people vulnerable to viruses and theft, and offered tips on how to avoid them.


Japan warns of iPod fires
Posted by l33tdawg on Wednesday, August 20, 2008 - 01:59 AM (Reads: 242)
Source: vnunet



A rare defect in the first generation iPod nano is causing a consumer scare in Japan.

The Japanese Ministry of Economy, Trade and Industry is warning users after an investigation found that the player had been responsible for at least three fires. No major injuries were reported in any of the incidents.

The problem lies within the battery unit for the player. Certain units can be prone to overheating which can then lead to a fire. The issue is not believed to affect any other iPod models or later generations of the nano. Apple is trying to ease the fears of customers worried that their iPods may be the next to combust. The company said in a statement to the Wall Street Journal that the defect has been traced back to a single supplier and is only present in .001 per cent of the first generation nano model.


Mac clone maker Psystar: We're still in business
Posted by l33tdawg on Wednesday, August 20, 2008 - 01:58 AM (Reads: 255)
Source: Computer World



The Mac clone maker that has been sued by Apple Inc. thought it necessary last week to quell speculation that it is no longer shipping systems. The company also announced that it has started shipping recovery discs to customers by request to help them reinstall Apple's Mac OS X 10.5 operating system.

Psystar Corp., which began selling its Open Computer and OpenPro Computer clones in April, was hit with an Apple lawsuit about seven weeks ago that accused the company of multiple copyright and trademark infringement, breach of contract and unfair competition violations.

Apple claimed Psystar's practice of installing Leopard on its machines violated the Mac OS X end-user licensing agreement (EULA). That license specifically bars users from installing the operating system on non-Apple hardware. "You agree not to install, use or run the Apple software on any non-Apple-labeled computer, or to enable others to do so," the EULA reads.


HITBSecConf2008 - Malaysia
The following speakers have confirmed their participation in HITBSecConf2008 - Malaysia; the premier network security event in Asia and the Middle East!

Day 1 Keynote Speakers

1.) Jeremiah Grossman (Founder & Chief Technology Officer, White Hat Security)
2.) Marcus Ranum (Chief Security Officer, Tenable Network Security)

Day 2 Keynote Speakers

3.) Dr. Anton Chuvakin (Chief Research Officer, Log Logic Inc.)
4.) Peter Sunde [brokep] (Founder, The Pirate Bay - TPB) and Fredrik Neij [TiAMO] (Founder, The Pirate Bay - TPB)

Conference Speakers (alphabetical order)

1. AR (Independent Network Security Researcher, Securebits)
2. Adrian ‘pagvac’ Pastor (ProCheckUp Ltd. / GNUCITIZEN)
3. Akshay Agrawal (Practice Manager, Microsoft Information Security ACE Team)
4. Andrew ‘Q’ Righter (HacDC)
5. Alexander Tereshkin (Principal Researcher, Invisible Things Lab)
6. Charlie Miller (Principal Analyst, Independent Security Evaluators)
7. Ching Tim Meng (Security Consultant, Cable & Wireless)
8. Dino Covotsos (Managing Director, Telspace Systems)
9. Dino Dai Zovi (Security Researcher)
10. Ero Carrera (Reverse Engineering Automation Researcher, zynamics GmbH)
11. Haroon Meer (Technical Director, Sensepost Information Security)
12. Hernan Ochoa (Senior Security Consultant, Core Security Technologies)
13. Ilfak Guilfanov (Founder/CEO of Hex-Rays SA and creator of IDA Pro)
14. Jamie Butler (Coauthor of Rootkits: Subverting the Windows Kernel)
15. Jim Geovedi (Member of HERT & Security Consultant, PT. Bellua Asia Pacific)
16. Julian Ho (Chief Operating Officer, THINKSecure Pte. Ltd.)
17. King Tuna (Independent Network Security Researcher)
18. Kris Kaspersky (Independent Network Security Researcher)
19. Lee Chin Sheng [geek00l] (Independent Network Security Researcher)
20. Matthew Geiger (Forensics Specialist, CERT)
21. Meling Mudin [spoonfork] (Independent Network Security Researcher)
22. Marc Weber Tobias (Investigative Attorney and Security Specialist)
23. Nitesh Dhanjani (Senior Manager, Ernst & Young)
24. Paul Craig (Principal Security Consultant, Security-Assessment.com)
25. Pedram Amini (Manager, Security Research, TippingPoint)
26. Petko D. Petkov [pdp] (GNUCITIZEN)
27. Shreeraj Shah (Director, BlueInfy)
28. Saumil Shah (Founder, Net-Square)
29. The Grugq (Independent Network Security Researcher)

There are very limited seats and registrants are encouraged to register early!


Packet Storm Security Latest
· MDVSA-2008-177.txt
Mandriva Linux Security Advisory - Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.
· MDVSA-2008-176.txt
Mandriva Linux Security Advisory - A stack-based buffer overflow was found in mtr prior to version 0.73 that allowed remote attackers to execute arbitrary code via a crafted DNS PTR record, when called with the --split option. The updated packages provide mtr 0.73 which corrects this issue.
· MDVSA-2008-175.txt
Mandriva Linux Security Advisory - A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs. The updated packages have been patched to correct this issue.
· surveywizard-sql.txt
Survey Wizard suffers from a remote SQL injection vulnerability.
· dxshopcart-sql.txt
DXShopCart version 4.30mc suffers from a remote SQL injection vulnerability.
· faqman-sql.txt
FAQ Management suffers from a remote SQL injection vulnerability.
· CORE-2008-0813.txt
Core Security Technologies Advisory - vBulletin versions 3.7.2 Patch Level 1 and 3.6.10 Patch Level 3 suffer from a cross site scripting vulnerability.
· CORE-2008-0624.txt
Core Security Technologies Advisory - Anzio Web Print Object (WePO) is a Windows ActiveX web page component that suffers from a buffer overflow vulnerability.

