hackinthebox
20 Latest Articles with Comments


VoIPshield reveals VoIP vulnerabilities
Posted by l33tdawg on 2008-06-28 02:18:42 (Reads: 543)
Source: SC Magazine (US)



VoIPshield Laboratories has alerted companies that market voice over IP systems of new security vulnerabilities. The VoIP vulnerabilities, if successfully exploited, could affect brand reputation, internal productivity, and competitive advantage, researchers said.

VoIPshield does not reveal specifics about the vulnerabilities to the public, Bogdan Materna, VoIPshield Laboratories chief technology officer, told SCMagazineUS.com on Friday.

“We don't want to give hackers information to work from,” he said. Instead, under its disclosure policy, VoIPshield works with the VoIP vendors to assist them in reproducing the vulnerabilities in their labs.

Total Comments: 2
Latest Comment: Re: VoIPshield reveals VoIP vulnerabilities

Bill aimed at small-biz cybersecurity
Posted by l33tdawg on 2008-06-11 00:25:04 (Reads: 561)
Source: FCW



Lawmakers have introduced legislation to help protect small businesses from computer hackers and information security breaches.

On June 9, Sens. John Kerry (D-Mass.) and Olympia Snowe (R-Maine) joined Reps. Michael Michaud (D-Maine) and Donald Manzullo (R-Ill.) in introducing versions of the Small Business Information Security Act of 2008 in both houses of Congress.

The measures would create a Small Business Information Security Task Force at the Small Business Administration. The task force's goal would be to help small firms understand and effectively respond to information security vulnerabilities, said Nick Christiansen, a spokesman for the Senate Small Business and Entrepreneurship Committee.

Total Comments: 1
Latest Comment: Re: Bill aimed at small-biz cybersecurity

Keynote videos from HITBSecConf2008 - Dubai released
Posted by l33tdawg on 2008-05-18 03:07:47 (Reads: 2339)
Source: Hack In The Box



The video recordings of the keynote presentations from HITBSecConf2008 - Dubai are ready for download:

Day 1 Keynote: Bruce Schneier - Schneier on Security
Day 2 Keynote: Jeremiah Grossman - Hacks Happen

On a related note, the Call for Papers (CFP) for HITBSecConf2008 - Malaysia (October 27th - 30th) is open. If you've got something new you'd like to present to the world, do submit. Some of the speakers who have already confirmed their participation include Dino Dai Zovi, Pedram Amini, TiAMO and brokep from The Pirate Bay, Ilfak Guilfanov and Alexander Tereshkin, just to name a few. With 3 tracks of deep knowledge kung-f00 and an expected audience turnout of over 1000, this will be one of the MUST ATTEND events of the year! :)


Ex-Microsoft Employee Takes Lead on XP SP3 Reboot Problem, Offers Free Fix
Posted by l33tdawg on 2008-05-16 02:21:23 (Reads: 2404)
Source: Redmond Mag



A former Microsoft employee appears to be coming to the rescue of those suffering from the XP SP3 endless reboot cycle that can happen on computers with AMD processors -- a problem for which Microsoft has yet to announce a solution.

As first noted by Computerworld, on Wednesday author and Microsoft MVP Jesper Johansson -- who until 2006 was a senior security strategist at Microsoft -- released a home-spun tool that automatically checks for a configuration error that may be the cause of the reboot problem.

"If you have an AMD-based computer, and all you want to do is prevent the problem before installing Service Pack 3, then try the new tool I just wrote," he stated in this blog post yesterday. "It will first check whether you have an AMD-based computer. If you do it will check whether the IntelPPM driver is set to load. If it is it will offer you an option to disable it." Johansson also offers instructions for using the tool on multiple computers simultaneously.


Why you should switch off your Bluetooth
Posted by l33tdawg on 2008-02-06 02:38:18 (Reads: 2284)
Source: Business Daily (Africa)



Your Bluetooth could land you in a lot of problems if left unattended. While Bluetooth offers a number of interesting features that can simplify our daily lives, savvy blue jackers are always on the lookout.

“It is not only dangerous to leave your Bluetooth on, but it can cost you your phone,” said Anail Sharmal of Simba Telecom Ltd.

Sharma says blue jacking allows phone users to obtain data from someone else’s phone, at times without their consent. One does not have to be a techie to go into your phone using Bluetooth.

Total Comments: 1
Latest Comment: Re: Why you should switch off your Bluetooth

The 20 most useful Microsoft sites for IT professionals
Posted by l33tdawg on 2008-03-13 02:12:00 (Reads: 5004)
Source: Computer World (Australia)



Microsoft professionals have a lot to keep track of, and a lot of market noise to contend with. That's why we've compiled this list of the 20 best places on the Web to help you find what you need. The list includes technology-specific sites, worthy bloggers and safe resources to help you pass your next Microsoft cert or training course. Plus we'll reveal places for trustworthy free Microsoft software and the best sites to help you stay on top of the voluminous amount of news churned out by, and about, the folks in Redmond.


Conference videos from HITBSecConf2007 - Malaysia released!
Posted by l33tdawg on 2007-12-03 07:11:42 (Reads: 1679)
Source: HITB Videos



The videos from Hack In The Box Security Conference 2007 Malaysia are now available for download! The files were created in Quicktime; however, if you're having trouble playing them on your platform, please ensure you have the latest 3IVX codec installed.

Time to fire up your favorite Bit Torrent clients and please remember to seed!

Day 1 Torrent
Day 2 Torrent

On a related note, the Call for Papers for HITBSecConf2008 - Dubai is still open. If you're interested in speaking at the upcoming event in the UAE, please take a look at the CFP page for details on how to submit. We are especially looking for more submissions from the EMEA region.


Ubuntu Linux Vs. Windows Vista: The Battle For Your Desktop
Posted by l33tdawg on 2007-08-06 03:24:30 (Reads: 1986)
Source: Information Week



The prevailing wisdom about Linux on the desktop runs something like this: "I'll believe Linux is ready for the desktop as soon as you can give me a Linux distribution that even my grandmother can run." For some time, the folks at Ubuntu have been trying their best to make Granny -- and most everyone else -- happy. They've attempted to build a Linux distribution that's easy to install, use, configure, and maintain -- one that's at least as easy as Windows, and whenever possible, even easier. As a result, Ubuntu is one of the Linux distributions that has been most directly touted as an alternative to Windows.

In this feature, I'm going to compare the newly-released Ubuntu 7.04 (codenamed "Feisty Fawn") with Microsoft Windows Vista in a number of categories. To keep the playing field as level as possible, I'm looking wherever I can at applications -- not just in the sense of "programs," but in the sense of what the average user is going to do with the OS in a workday. Sometimes the differences between the two OSes are profound, but sometimes the playing field levels itself -- OpenOffice.org, for instance, is installed by default in Ubuntu, but adding it to Vista isn't terribly difficult.


Hands-On With TrueCrypt 5: Open Source System-Wide Encryption
Posted by l33tdawg on 2008-02-14 00:45:56 (Reads: 2212)
Source: Information Week



Scarcely a week goes by these days without word of the theft of a computer with sensitive personal information on it. It's gotten that much easier to protect such data with whole-drive encryption, but those kinds of solutions have typically been proprietary, like Windows Vista's BitLocker (which isn't available in all versions of Vista, either). Now comes version 5 of the free and open source encryption system TrueCrypt, which features -- you guessed it -- whole-drive encryption. My associate George Hulme touched on TrueCrypt before, but I decided to try encrypting my Windows notebook with it and see how it held up.

TrueCrypt itself has been around for some time now, and runs on all major OSes (Win/Lin/Mac). Instead of encrypting individual files, it lets you create a virtual volume -- either stored in a file or directly on a disk partition -- which is encrypted on the fly as you read from and write to it. The biggest new feature in TrueCrypt 5 is the ability to encrypt a system's boot volume -- exactly the same feature as Windows Vista's BitLocker, but without the premium cost involved. And in this case, it doesn't even require Vista. Windows XP, Windows 2003 Server, and Vista are all supported.


Truecrypt 5.0 is out and it's free
Posted by l33tdawg on 2008-02-07 13:29:24 (Reads: 2040)
Source: The Inquirer



TRUECRYPT - the vendor of free, open source, on-the-fly data encryption - has released version 5.0.

Truecrypt is free and available for Windows Vista or XP, Mac OS/X, and Linux.

What's new in Truecrypt release 5.0 includes a version for Mac OS/X and the capability to encrypt the system hard drive, that is, where Windows Vista or XP is installed, with pre-boot authentication. What that means is that anyone who wants to use the system must first enter the password before the PC will boot.

Total Comments: 1
Latest Comment: Re: Truecrypt 5.0 is out and it's free

5 MacBook (Hot) Air Alternatives
Posted by l33tdawg on 2008-01-21 04:37:26 (Reads: 1641)
Source: Information Week



The MacBook (Hot) Air is the usual triumph of wannabe coolness over value. But once we get away from the self-congratulatory Apple polishers, who pat themselves on the back for recognizing how "insanely great" Steve Jobs is -- while conspicuously advertising they've got the dough to purchase another toy, one without a DVD drive, yet -- most of us want a computer we can live with for business and leisure. That means a Windows machine. Fortunately, there are some nice ultra-portables out there.

First up is a product which doesn't quite exist yet. Fans of the ThinkPad -- and count me among that group -- love these machines for their reliability, durability, and performance. No, they're not cheap. But nor are they overpriced; they deliver great value for the money.

Total Comments: 1
Latest Comment: Re: 5 MacBook (Hot) Air Alternatives

Doing without anti-virus software
Posted by l33tdawg on 2008-01-20 06:48:41 (Reads: 2209)
Source: Gulf News



Is it a good idea to run anti-virus software? It may seem like an answer that would require an overwhelming "YES," but as virus attacks are decreasing, some users are uninstalling their old anti-virus software. For those who have decided to digitally "go commando," here are a few tips.

1. No cookies: Many websites require you to accept cookies. We're not talking about chocolate covered biscuits but about small software files that are downloaded to your computer. Most have a legitimate purpose but some are malicious software that can harm your computer or compromise your personal information. Just because you're visiting a "reliable" website doesn't mean you're safe either; hackers have been known to sneak their own cookies onto popular sites. Your browser will have the option to turn cookies off, but beware, you will need to turn cookies back on to do some things online, like shop.

Total Comments: 2
Latest Comment: Re: Doing without anti-virus software

Microsoft XP Programs Keygen.
Posted by on 2002-06-17 20:13:19 (Reads: 1313333)
Source:



The new Microsoft XP program suite - everyone knows them, no one likes their product activation because it restricts the use of a cd-key to a single installation.

This keygen computes random and virtually unique cd-keys for either Office XP Pro or Windows XP Pro, which can be used to install and *activate* these products on an unlimited number of systems - without risking invalidating a patched version by a product update! It says compute and not generate because it takes some time to verify if a random cd-key can be made valid (use the benchmark mode to check how long that should take on your system). Unfortunately, not every random cd-key can be made valid, so it usually needs more than one try to compute a valid cd-key (chances are about 1 to 40). In general it takes about five to ten minutes to come up with a usable cd-key.

Download it!! - Fileconnect

Total Comments: 238
Latest Comment: Re: original Valid Windows XP Pro KEY

Footprinting: The Basics of Hacking
Posted by L33tdawg on 2002-02-13 21:04:49 (Reads: 43971)
Source:



By: ManicVelocity (2600 Salt Lake City)


• What Is Footprinting?


Footprinting is the first and most convenient way that hackers use to gather information
about computer systems and the companies they belong to. The purpose of footprinting is to
learn as much as you can about a system, its remote access capabilities, its ports and
services, and the aspects of its security.


In order to perform a successful hack on a system, it is best to know as much as you can,
if not everything, about that system. While there is nary a company in the world that
isn't aware of hackers, most companies are now hiring hackers to protect their systems.
And since footprinting can be used to attack a system, it can also be used to protect it.
If you can find anything out about a system, the company that owns that system, with the
right personnel, can find out anything they want about you.


In this talk, I will explain what the many functions of footprinting are and what they do.
I'll also footprint everyone's favorite website, just to see how much info we can get on
Grifter.

Total Comments: 10
Latest Comment: Re: Footprinting: The Basics of Hacking

Photo evidence of the new Apple sub notebook?
Posted by l33tdawg on 2008-01-03 02:00:00 (Reads: 7769)
Source: Crunch Gear





Could this be a photo of the new Apple sub notebook everyone has been talking about? Granted the shot isn't all that clear, but it does look pretty legit. Interestingly the touchpad area is HUGE in comparison to the MBP sitting next to it... Better mark your calendars for the Macworld keynote on the 15th :)

Total Comments: 2
Latest Comment: Re: Photo evidence of the new Apple sub notebook?

iPod Touch SIP VoIP client released
Posted by l33tdawg on 2008-01-01 04:04:54 (Reads: 2066)
Source: Touchmods



The uber hackers eok, marian and samuel have released version 1.0 of the SIP-VoIP client for the iPod Touch! You will need to either register for a SIP account (freecall.com is what they're using for their testing) or you could also use your own Asterisk server.

To grab a copy of the 1.0 release, you'll need to add the Touchmods repository (http://touchmods.net/rep.xml) to Installer.app. Our mics have not arrived yet so we can't quite test the software just yet, but from the videos and feedback posted on their site, it looks like the solution works quite well indeed!

Total Comments: 1
Latest Comment: Re: iPod Touch SIP VoIP client released

Review: Mac OS X x86 10.4.1 & 10.4.3
Posted by l33tdawg on 2005-12-13 00:27:39 (Reads: 46894)
Source: HITB E-Zine Issue #37



By: L33tdawg

Disclaimer: This article is for INFORMATIONAL / EDUCATIONAL purposes only. HITB does not condone software piracy.

Introduction

Back in June 2005 when Apple first announced its plans to scrap its partnership with IBM and switch its computers to Intel's microprocessors, I think everyone was a little too shocked for words. There was once a time when Apple had sworn that PowerPC was a more superior platform and that Intel basically sucked.

Indeed the shift for Apple is important, but the question I was asking myself was "Would this then mean that OS X would work on a normal PC machine?" The answer from Apple was a resounding NO as they went on to explain how OS X would be 'locked down' to run only on designated Apple hardware. To do this, Apple planned to make use of a security chip on Intel motherboards called the Trusted Platform Module (TPM).

A hacker by the name of Maxxuss however had other plans and not only managed to fool OS X into not using the TPM authentication but to also enable the OS to run on older machines, typically those sporting SSE2 instruction sets. The end result is that a fair number of people have now had a chance to test out this absolutely brilliant operating system :)

Total Comments: 3
Latest Comment: Re: Review: Mac OS X x86 10.4.1 & 10.4.3

Pirated Simpsons movie traced to phone
Posted by l33tdawg on 2007-08-21 01:01:48 (Reads: 1926)
Source: The Register



A man has been arrested in Australia on suspicion of filming The Simpsons Movie in a cinema on his mobile phone and uploading it to the internet. The unnamed 21-year-old from Sydney has been charged with copyright theft and could face up to five years in jail.

An illegal copy of the hit movie was available on a streaming website and downloaded more than 3,000 times even before the official film was screened in the US, according to the Australian Federation Against Copyright Theft (AFACT). That copy, said to be the first in the world, was traced to an address in Sydney. Cooperation among the Australian Federal Police, AFACT and distributor 20th Century Fox resulted in the removal of the unauthorised copy within 72 hours of its posting.

AFACT investigators found that the movie had also been re-edited with an unauthorised French language version, reformatted and shared using Bittorrent and other peer-to-peer services, resulting in more than 110,000 downloads.

Total Comments: 1
Latest Comment: Re: Pirated Simpsons movie traced to phone

Cable modem owners hack for free cable TV
Posted by L33tdawg on 2002-06-03 21:37:55 (Reads: 176539)
Source: Yahoo! News



Drawing on old-school methods to splice cable TV lines for unauthorized use, hackers say they can buy a splitter at the local electronics store and easily run an additional line from the cable modem line for the computer into the television. Without a set-top box, the result is free, basic, analog cable; with an illegal converter or set-top, hackers say they have access to premium channels such as HBO and Showtime.


"I only get (basic) cable. I don't subscribe; it just comes to my house along with the cable modem signal," said Noah, who wished to keep his last name anonymous. He saves roughly $40 a month on cable but spends about $42 a month on Internet access.

"Lots of people do this if all you want is analog cable," he said. "All cable services are run through the same line; they can't just cut power to analog cable and still give you a cable modem."

Cable operators have battled this form of piracy for years, but it's taking on new urgency in the race to build high-speed Internet service. Broadband providers are struggling with costs, with AT&T just last week instituting a price increase for cable modem customers.

Total Comments: 152
Latest Comment: Re: Cable modem owners hack for free cable TV

Hackers work on cracking the iPhone firmware
Posted by l33tdawg on 2007-07-02 01:07:15 (Reads: 3106)
Source: Hackint0sh.org



A user on the Hackint0sh forums has uncovered the location of the iPhone restore package and successfully downloaded it onto his machine. On further inspection, he discovered that the restore package is actually a zip archive containing 2 disk images - a user dmg and a system software dmg. The system software image however appears to be password protected but efforts are already underway to crack it open. My guess is it won't be long now before someone announces they've successfully 'rooted' the iPhone.

From the Hackint0sh Forum posting:

You can grab the iPhone restore package at:

http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw

This ipsw file is actually a zip file. Rename it .zip and unarchive. You will get two disk images, a system software dmg and a user dmg (from what I can tell). The system software dmg is password protected.

Total Comments: 1
Latest Comment: iPhone root password


HITBSecConf2008 - Malaysia
The following speakers have confirmed their participation in HITBSecConf2008 - Malaysia; the premier network security event in Asia and the Middle East!

Day 1 Keynote Speakers

1.) Jeremiah Grossman (Founder & Chief Technology Officer, White Hat Security.)
2.) Marcus Ranum (Chief Security Officer, Tenable Network Security)

Day 2 Keynote Speakers

3.) Dr. Anton Chuvakin (Chief Research Officer, Log Logic Inc.)
4.) Peter Sunde [brokep] (Founder, The Pirate Bay - TPB) and Fredrik Neij [TiAMO] (Founder, The Pirate Bay - TPB)

Conference Speakers (alphabetical order)

1. AR (Independent Network Security Researcher, Securebits)
2. Adrian ‘pagvac’ Pastor (ProCheckUp Ltd. / GNUCITIZEN)
3. Akshay Agrawal (Practice Manager, Microsoft Information Security ACE Team)
4. Andrew ‘Q’ Righter (HacDC)
5. Alexander Tereshkin (Principal Researcher, Invisible Things Lab)
6. Charlie Miller (Principal Analyst, Independent Security Evaluators)
7. Ching Tim Meng (Security Consultant, Cable & Wireless)
8. Dino Covotsos (Managing Director, Telspace Systems)
9. Dino Dai Zovi (Security Researcher)
10. Ero Carrera (Reverse Engineering Automation Researcher, zynamics GmbH)
11. Haroon Meer (Technical Director, Sensepost Information Security)
12. Hernan Ochoa (Senior Security Consultant, Core Security Technologies)
13. Ilfak Guilfanov (Founder/CEO of Hex-Rays SA and creator of IDA Pro)
14. Jamie Butler (Coauthor of Rootkits: Subverting the Windows Kernel)
15. Jim Geovedi (Member of HERT & Security Consultant, PT. Bellua Asia Pacific)
16. Julian Ho (Chief Operating Officer, THINKSecure Pte. Ltd.)
17. King Tuna (Independent Network Security Researcher)
18. Kris Kaspersky (Independent Network Security Researcher)
19. Lee Chin Sheng [geek00l] (Independent Network Security Researcher)
20. Matthew Geiger (Forensics Specialist, CERT)
21. Meling Mudin [spoonfork] (Independent Network Security Researcher)
22. Marc Weber Tobias (Investigative Attorney and Security Specialist)
23. Nitesh Dhanjani (Senior Manager, Ernst & Young)
24. Paul Craig (Principal Security Consultant, Security-Assessment.com)
25. Pedram Amini (Manager, Security Research, TippingPoint)
26. Petko D. Petkov [pdp] (GNUCITIZEN)
27. Shreeraj Shah (Director, BlueInfy)
28. Saumil Shah (Founder, Net-Square)
29. Teo Sze Siong (Senior Web Security Researcher, F-Secure Corporation)
30. The Grugq (Independent Network Security Researcher)

There are very limited seats and registrants are encouraged to register early!


Packet Storm Security Latest
· dns-writeup.txt
Interesting write up discussing DNS cache poisoning then and now.
· USN-627-1.txt
Ubuntu Security Notice 627-1 - Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
· DSECRG-08-032.txt
Claroline eLearning and eWorking Platform version 1.8.10 suffers from cross site scripting vulnerabilities.
· dsa-1613-1.txt
Debian Security Advisory 1613-1 - Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following three issues:
· MDVSA-2008-151.txt
Mandriva Linux Security Advisory - A buffer overflow vulnerability in libxslt could be exploited via an XSL style sheet file with a long XSLT transformation match condition, which could possibly lead to the execution of arbitrary code. The updated packages have been patched to correct this issue.
· sipwitch-0.2.2.tar.gz
GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
· pkd-1.0.tgz
ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
· shopcartdx-sql.txt
ShopCartDx version 4.30 suffers from a remote SQL injection vulnerability.

