Firefox 3.0 Release Candidate 1 (RC1) available for download
Posted by l33tdawg on Sunday, May 18, 2008 - 01:22 AM (Reads: 5)
Source: Mozilla Developer News
The first Firefox 3 Release Candidate is now available for download. This milestone is focused on testing the core functionality provided by many new features and changes to the platform scheduled for Firefox 3. Ongoing planning for Firefox 3 can be followed at the Firefox 3 Planning Center, as well as in mozilla.dev.planning and on irc.mozilla.org in #granparadiso.
New features and changes in this milestone:
* Improvements to the user interface based on user feedback, including changes to the look and feel on Windows Vista, Windows XP, Mac OS X and Linux.
* Changes and fixes for new features such as the location bar autocomplete, bookmark backup and restore, full page zoom, and others, based on feedback from our community.
* Fixes and improvements to platform features to improve security, web compatibility and stability.
* Continued performance improvements: changes to our JavaScript engine as well as profile guided optimization continue to improve performance over previous releases as measured by the popular SunSpider test from Apple, and in the speed of web applications like Google Mail and Zoho Office.
Google Street View could become a legal problem in Europe
Posted by l33tdawg on Sunday, May 18, 2008 - 01:18 AM (Reads: 3)
Source: Tech Whack
The EU’s data protection agency has said that Google’s Street View service could cause privacy concerns in Europe.
Google has already started putting US cities imagery on their web service. And they could next aim to extend the feature to popular European destinations.
European Union Data Protection Supervisor Peter Hustinx said in a statement on their stand: “Making pictures everywhere is certainly going to create some problems.”
Google might have to make adjustments to the photos if they want to stay away from legal hassles in Europe.
PayPal meltdown wreaks havoc on some ecommerce websites
Posted by l33tdawg on Sunday, May 18, 2008 - 01:15 AM (Reads: 3)
Source: The Register
A glitch in PayPal's payment verification system is wreaking havoc on some ecommerce sites that depend on the service. For more than 48 hours, the bug in PayPal's instant payment notification has made it impossible for them to process orders, owners of these businesses complain.
Making matters worse, the glitch causes credit card holders who place orders to be billed even though they are unable to take delivery of the goods or services they've just purchased. PayPal customers began reporting the difficulty on Thursday morning and at time of publication - more than two days later - PayPal owner eBay was still struggling to fix the problem.
"We can't accept payments done with PayPal which is a really large share of our payments since most of our customers are from America and PayPal is almost a de facto standard or means for online payment there," Rikard Froberg, technical director of eClassical.com wrote in an email. "The customer knows nothing about this, orders and pays but never gets the goods he paid for, or gets them very late (for instant delivery, the patience is very short) so it looks like the store ripping the customer off."
Spanish Police Arrest Major Internet Hackers
Posted by l33tdawg on Sunday, May 18, 2008 - 01:13 AM (Reads: 11)
Source: ABC News (Australia)
Spanish police have announced the arrest of five suspected hackers, including two 16-year-olds, who are accused of attacking government websites in the United States, Asia and Latin America.
The youths belonged to "one of the most active groups of hackers on the Internet," having disabled 21,000 web pages over a two-year period, a police statement says.
"They would substitute the contents of the Web pages attacked with protest messages and included the same anarchist symbols," it added.
Although the group has never met, it is alleged that they organised and coordinated their attacks over the internet, working in particular with hackers in Latin America.
Hackers disrupt Sri Lankan news website
Posted by l33tdawg on Sunday, May 18, 2008 - 01:10 AM (Reads: 11)
Source: The Sunday Times Online (Sri Lanka)
A local news website was allegedly hacked and disrupted by an unknown party on Friday, preventing the administrators from uploading any news. The hackers, who had allegedly hacked into the e-mail account of the news website lankadissent.com, had sent threatening e-mails to several officials on the account’s contact list. The hackers later disrupted the website itself by changing the administrator’s password and preventing new material from being added on to the site.
Ruwan Ferdinandez, spokesman for the website, which is maintained by the Sri Lanka Freedom Party (Mahajana Wing), told The Sunday Times that a letter relating to the hacker incident has already been forwarded to the Free Media Movement (FMM). The spokesman speculated that government forces may be behind the hacking, in a bid to stifle the freedom of the media.
How to avoid the BitTorrent blockade
Posted by l33tdawg on Saturday, May 17, 2008 - 01:57 AM (Reads: 820)
Source: PC Advisor (UK)
More and more internet service providers are blocking traffic to P2P file-sharing services. Find out whether you've been targeted, and learn how to get around the restrictions.
With this in mind we've rounded up a number of tips and tools that can help you determine whether you're facing a BitTorrent blockade and, if so, help you get around it.
Vuze, a company that makes peer-to-peer (P2P) software and uses the platform to distribute content, published a study in April in which it concluded that all US broadband providers, including AT&T, Cablevision Systems, Charter Communications, Comcast, Time Warner Cable and Verizon, disrupt P2P traffic. Vuze asserted that these ISPs regularly send 'false reset' messages to the Vuze software with the aim of slowing file transfers.
Vodafone to buy online social networking site ZYB
Posted by l33tdawg on Saturday, May 17, 2008 - 01:56 AM (Reads: 168)
Source: Mobile Today
Vodafone will pay £25m (31.5m) for Danish online social networking and management company ZYB.
ZYB is an online tool for mobiles that lets users back-up and share their handsets’ contact and calendar information online.
Pieter Knook, Internet Services Director for Vodafone Group, said: ‘Using a web portal as a link between the PC and the mobile device, ZYB provides an interactive way for people to nurture, contact and develop their relationships with their most important friends and colleagues and builds links with those contacts’ wider networks. This is Web 2.0 in action.
Motorola's Strategy Chief Is Latest to Exit
Posted by l33tdawg on Saturday, May 17, 2008 - 01:55 AM (Reads: 176)
Source: WSJ
Rich Nottenburg, Motorola Inc.'s chief strategy and technology officer, resigned amid continued turmoil in the company's executive ranks.
Mr. Nottenburg's departure leaves Chief Executive Greg Brown with a shrinking pool of senior staff to help him steer Motorola as demand plummets for its cellphones and as activist investor Carl Icahn takes a greater role through two representatives on the board.
The Schaumburg, Ill., equipment maker has been reeling from the meltdown of its mobile devices division, which has lost $1.6 billion since January 2007.
Microsoft Demonstrates Windows XP on the XO
Posted by l33tdawg on Saturday, May 17, 2008 - 01:06 AM (Reads: 199)
Source: OS News
Microsoft and the One Laptop Per Child project have announced an agreement to work together on getting Windows XP available on the XO laptop, with trials starting in June 2008, and the RTM date set for August or September. Microsoft also demonstrated Windows XP Professional and Office 2003 running on the XO laptop.
The implementation of Windows XP Professional on the XO laptop is not, in any way, limited or crippled, as the company explains. It's feature-complete, has a battery life of 20 hours, boots in 50 seconds (which is 4 times faster than the original XO Linux implementation), and required a whole load of custom drivers in order for it to work on the XO, which has a 433MHz AMD Geode processor, 256MB of RAM, and 1GB of Flash storage. Microsoft needed to write drivers for the various pieces of hardware in the XO laptop, and also a new BIOS that would allow Windows XP to be booted off a 2GB Flash card; the 1GB of internal storage of the XO was not enough to house Windows XP Professional and Office 2003.
Asus Considering Suing Gigabyte for 'Disinformation'
Posted by l33tdawg on Saturday, May 17, 2008 - 01:05 AM (Reads: 149)
Source: Extreme Tech
Asus said it is ready to file suit to counter claims made by Gigabyte Technology, apparently about the so-called "Energy Processor Unit" Asus has begun building into its motherboards.
According to Asus, a rival motherboard company held a press conference to offer an early look at its Computex offerings, primarily for Asian journalists. At that press conference, which Asus officials said was held by Gigabyte, officials made what Asus felt were disparaging statements about the company's EPU as well as Asus as a manufacturer and a competitor, according to Vivien Lien, a spokeswoman for Asus' North American division. Similar statements were posted online, Lien said, where they were paraphrased and posted elsewhere.
Hacker Gets 5 Years for Prank 911 Calls Resulting in SWAT Team Raids
Posted by l33tdawg on Saturday, May 17, 2008 - 12:58 AM (Reads: 163)
Source: ABA Journal
The leader of a group of hackers who reportedly sent police SWAT teams to fictitious hostage situations in the homes of some 250 innocent people in 60 cities between 2002 and 2006 was sentenced yesterday by a federal judge in Texas to five years in prison.
Describing the pranks, in which the group used spoofing technology to place calls, seemingly, from another phone line, as a form of domestic terrorism, U.S. District Judge Jane Boyle also fined Stuart Rosoff, of Ohio, $75,000, reports the Dallas Morning News.
"Group members pretended to be inside their victims' homes, claiming to be holding hostages and threatening to kill them. Some people were injured as police stormed the homes," the newspaper writes.
PC Tools attacks Vista's security again
Posted by l33tdawg on Saturday, May 17, 2008 - 12:57 AM (Reads: 209)
Source: Secure Computing
The row between PC Tools and Microsoft over Windows Vista security escalated today with PC Tools attacking the effectiveness of Vista’s User Access Control (UAC) tool.
Earlier this week, Microsoft attacked results of a PC Tools' study which found Vista allowed 639 threats per thousand PCs compared with 86 for Windows 2000.
In a blog posting, director of Windows product management security at Microsoft, Austin Wilson, said Microsoft rejected the claims and vowed that Windows Vista was significantly less susceptible to malware than older operating systems.
Lawyer says his e-mail used by hacker for hate messages
Posted by l33tdawg on Saturday, May 17, 2008 - 12:56 AM (Reads: 147)
Source: NY Daily News
A disgruntled hacker allegedly hijacked a Pennsylvania lawyer's e-mail account and sent out racist rants - attracting the attention of the FBI.
"Hi, I'm Richard I. Moore, attorney at law," begins one of the bogus e-mails, which have been circulating for two weeks. "[I] make your child hate their African-American parent, and black people in general."
Moore, a divorce and custody lawyer for over 40 years, said hackers used his real e-mail address to send out the hateful rants. The e-mails also included his real phone and fax numbers along with his address.
PayPal XSS Vulnerability Undermines EV SSL Security
Posted by l33tdawg on Saturday, May 17, 2008 - 12:55 AM (Reads: 162)
Source: Netcraft (News)
A security researcher in Finland has discovered a cross-site scripting vulnerability on paypal.com that would allow hackers to carry out highly plausible attacks, adding their own content to the site and stealing credentials from users.
The vulnerability is made worse by the fact that the affected page uses an Extended Validation SSL certificate, which causes the browser's address bar to turn green, assuring visitors that the site – and its content – belongs to PayPal. Two years ago, a similar vulnerability was discovered on a different page of the PayPal site, which also used an SSL certificate.
Harry Sintonen discovered the vulnerability and announced it to other web application security specialists in an Internet Relay Chat (IRC) channel today. Sintonen told Netcraft that the issue was critical, adding that, "you could easily steal credentials," and, "PayPal says you can trust the URL if it begins with https://www.paypal.com," which is not true in this case.
Wardrivers: Pioneers or Pirates?
Posted by l33tdawg on Saturday, May 17, 2008 - 12:54 AM (Reads: 170)
Source: WiFi Planet
What initially attracted Lee Almodovar of Freemont, CA to wardriving was the possibility that he was breaking the law. He began wardriving in 2000, right out of high school, after discovering Walmart stocked inexpensive Wi-Fi cards.
"At this time, I also acquired my first car and had a few computers that dual-booted between Windows and Linux," said Almodovar, adding that he had a custom built 'cantenna' on his car for the purpose of wardriving. "The initial thrill of the thought that I could be breaking some random law drew me to wardriving—to mapping the neighborhood—and just overall experiencing the Internet in a method unlike I had ever experienced with dial-up."
Today, Almodovar rarely wardrives, but admits that he does find himself looking for open networks when he's out on business or pleasure with his laptop or PDA.
Japanese P2P Virus Writer Convicted, Escapes Jail
Posted by l33tdawg on Saturday, May 17, 2008 - 12:53 AM (Reads: 134)
Source: Govtech
Experts are questioning whether courts worldwide are giving consistent sentences to hackers following news that a Japanese man has escaped jail, despite admitting writing a virus that wiped music and movie files on innocent users' computers.
Masato Nakatsuji, who was revealed to be the first ever virus writer to be arrested in Japan when he was apprehended in January, admitted writing the malware which displayed images of popular TV anime characters while destroying data on third party computers. The malicious code was spread via the controversial Winny file-sharing system in Japan last year.
Today, Nakatsuji, a graduate student at Osaka Electro-Communication University, was found guilty in Kyoto District Court and sentenced to two years in jail. However, as the sentence is suspended for three years he will not have to serve any time in prison.
Quantum cryptography not yet perfectly secure, researchers say
Posted by l33tdawg on Saturday, May 17, 2008 - 12:48 AM (Reads: 136)
Source: IT News
Quantum cryptography – commonly lauded as an absolutely secure avenue of data transfer – has been broken.
The advanced technology was thought to be unbreakable due to laws of quantum mechanics that state that quantum mechanical objects cannot be observed or manipulated without being disturbed.
In quantum cryptography, regular information is encrypted and decrypted with a quantum key. Any attempts to copy a quantum cryptographic key in transit will be noticeable as extra noise, and cause the communication to be aborted. But a research team at Linköping University in Sweden claim that it is possible for an eavesdropper to extract the quantum cryptographic key without being discovered.
Robotic suit amplifies human strength
Posted by l33tdawg on Saturday, May 17, 2008 - 12:44 AM (Reads: 186)
Source: CNN
Rex Jameson bikes and swims regularly, and plays tennis and skis when time allows. But the 5-foot-11, 180-pound software engineer is lucky if he presses 200 pounds -- that is, until he steps into an "exoskeleton" of aluminum and electronics that multiplies his strength and endurance as many as 20 times.
With the outfit's claw-like metal hand extensions, he gripped a weight set's bar at a recent demonstration and knocked off hundreds of repetitions. Once, he did 500.
"Everyone gets bored much more quickly than I get tired," Jameson said. Jameson -- who works for robotics firm Sarcos Inc. in Salt Lake City, which is under contract with the U.S. Army -- is helping assess the 150-pound suit's viability for the soldiers of tomorrow.
Apple Signs More Nonexclusive iPhone Deals
Posted by l33tdawg on Saturday, May 17, 2008 - 12:43 AM (Reads: 158)
Source: Information Week
As iPhone aficionados await the unveiling of new and faster models, they can look to the deals signed in recent days in Europe for hints of Apple's new attitude toward service providers. The agreements Apple has signed with service providers in Italy and Austria, as well as in a handful of smaller countries, show that the company can deviate from its insistence on exclusivity.
Orange on Friday said it will sell the iPhone in several countries including Austria, where Deutsche Telekom has had the exclusive deal with Apple to sell the iPhone. Orange also will market the iPhone in Belgium, the Dominican Republic, Egypt, Jordan, Poland, Portugal, Romania, Slovakia, Switzerland, and some African countries.
Major Crypto Bug Cripples Ubuntu Linux Security
Posted by l33tdawg on Friday, May 16, 2008 - 02:22 AM (Reads: 559)
Source: Yahoo! News
A major problem has been revealed in Debian Linux and derivative packages, such as Ubuntu. Debian revealed the other day that a fix they made back in September 2006 had the unintended consequence of crippling the strength of their OpenSSL distribution.
OpenSSL is used, of course, for Secure Sockets Layer which provides authentication and encryption for web traffic, but it's also used for other cryptography functions. OpenSSL is a very important package that brought public key cryptography to the masses; prior to OpenSSL, https web sites were expensive and complicated to build.
The strength of public key encryption relies, in large part, on the large number of potential keys that could be used to encrypt data. Keys are often 1024 or 2048 or 4096 bits long; these store very large numbers so a brute force attack, trying all of the possibilities, could take a prohibitive amount of time.
Packet Storm Security Latest
· ZDI-08-025.txt: A vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe service listening by default on TCP port 402. The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of Altiris Deployment Solution to easily decrypt the credentials.
· ZDI-08-024.txt: A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listening by default on TCP port 402. A lack of proper sanitation while parsing requests allows for a remote attacker to inject arbitrary SQL statements into the database. Exploitation of this vulnerability can result in arbitrary code execution under the context of the SYSTEM user.
· sunshop-blindsql.txt: SunShop version 3.5.1 remote blind SQL injection exploit.
· aid-051408.asc: Aruba Networks Security Advisory - A user authentication vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers using TACACS authentication for Controller management users. Cross-site scripting vulnerabilities were discovered during standard bug reporting procedures in the Aruba Mobility Controller. Certain malformed inputs to the web UI allow the injection of cross-site scripting (XSS) components, leading to a potential compromise of client web session integrity.
· altiris.pdf: Whitepaper discussing privilege escalation vulnerability in the Symantec Altiris Deployment Solution.
· 68classifieds-sql.txt: 68 Classifieds version 4.0 suffers from a SQL injection vulnerability in category.php.
· newsmanager-rfisql.txt: Newsmanager version 2.09 suffers from remote file inclusion, remote file disclosure, SQL injection, and permission bypass vulnerabilities.
· kostenloses-sql.txt: Kostenloses Linkmanagementscript suffers from multiple SQL injection vulnerabilities.