www.vanish.org

The Last Post

2008-02-16T07:46:00.008+10:30

Due to a change in circumstances, I will no longer be able to continue with this blog. The second anniversary was fast approaching, and I have enjoyed it, but alas, nothing lasts forever. All readers visit a number of sources for their news, so if the links below are not on your list, you may like to add a few.

Donna's SecurityFlash
Help Net Security - Off the Wire
heise Security
Krebs on Security
Threat Level - Wired.com
MSMVPS.COM [Blogs by Current and Former Microsoft Most Valuable Professionals]
Vanish.org Security News [4 feeds]

Goodbye, Farewell, Adios and Many Thanks

Conferences

2008-02-11T06:31:00.000+10:30

Linux.conf.au
Linux.conf.au is done and dusted for another year, and being the caring and sharing open source types that they are, they've kindly recorded all the talks and tutorials which were given to share with the world wide web. You can browse the topics and download them here - OGG is the video, SPX is the audio. If you're in a Windows environment, you can use the open source app VLC to view the OGG files.

Read more HERE.

Official Defcon 15 recordings online
After 6 months, Defcon has put the official recordings on their website. There are 122 video and audio files in total.

Have fun!

Software

2008-02-11T06:27:00.000+10:30

ESET SysInspector
ESET SysInspector is an application that thoroughly inspects your computer and displays gathered data in comprehensive way.

Read the article HERE.

New versions of Aircrack-ng WLAN
The developers of Aircrack-ng have published two new versions of their WLAN security-testing suite. The latest stable version 0.9.2 of airmon-ng supports more drivers than its predecessor and fixes some bugs. Airodump-ng can now handle 5-GHz channels, and Aireplay-ng can now talk to the real-time clock under Linux. The unstable version 1.0 has also been updated to Beta2

Read the article HERE.

My Lockbox
My Lockbox is a free program that can quickly hide and password protect a folder and all files/folders within it from being shown in the Windows files system, and will do so under Windows safe mode as well.

Read the article HERE.

BitTorrents

2008-02-11T06:23:00.000+10:30

Apart from The Pirate Bay guys, most tracker administrators are acutely aware of the risks they expose themselves to, and do everything they can to hide in the shadows. We speak to a tracker owner to find out the kind of measures these guys take in order to protect their identities.

Read the article HERE.

Avoid Downloading Fake Torrents
BitTorrent tracker SeedPeer ensures quality torrents by verifying downloads before it seeds them in its verified torrents section. That means that if you've ever spent hours downloading a torrent to find that you'd been duped by a fake download, you should be able to download with confidence from SeedPeer's verified torrents.

Read the article HERE.

YouTorrent
YouTorrent is “the world’s first real-time torrent comparison search engine” according to the site itself. The site is a meta search engine, which means that it doesn’t host any torrent files itself. It currently searches 12 sources; Mininova, The Pirate Bay, IsoHunt, MyBittorrent, NewTorrents, SuprNova, Monova, Vuze, BitTorrent, LegitTorrents, SeedPeer and BTjunkie.

Read the article HERE.

Top 10 BitTorrent Tools and Tricks
BitTorrent is the go-to resource for downloading everything from music and movies to software and operating systems, but as its popularity continues to grow, so do the number of tools available for making the most of it. Some are must-haves, while others are a waste of time. Climb aboard for a look at 10 of the best BitTorrent utilities, tools, and resources for finding and managing your BitTorrent downloads quickly and efficiently.

Read the article HERE.

TechNet Magazine - February 2008

2008-02-11T06:14:00.000+10:30

Sharepoint : Office Communications Server : High Performance Computing : Microsoft Office

Read the magazine HERE.

Hackers Exploiting Adobe Reader Flaw

2008-02-10T07:17:00.000+10:30

Security Fix has learned that at least one of the security holes in the popular Adobe Reader application that was quietly patched by Adobe this week is actively being exploited to break into Microsoft Windows computers.

Read the article HERE.

Solving Online Identity Theft

2008-02-10T07:16:00.000+10:30

Imagine you could prove you were 21 without revealing your date of birth -- or anything else about you, for that matter. Or qualify for a loan without disclosing your net worth. Or enjoy the benefits of e-commerce, e-health and e-government without a moment's fear that you are open to identity theft. Sound impossible? It is. But it won’t be if cryptographer and entrepreneur Stefan Brands has his way.

Read the article HERE.

Another google horror story

2008-02-10T07:14:00.000+10:30

I'm a very experienced internet user, which is part of why I've asked not use my name. I'm the -last- person that should be a phishing victim, yet it happened to me. Since it happens to internet professionals far less than, say, the clueless relatives of internet professionals, of course we blame it on the user.

The design problem is you want the site's interface to be uniform every time you visit, this tells the user "this is the real gmail". But this is what the phishers are exploiting. If the site was somewhat different every time you visited, it would be jarring and perhaps cause more people to look at the URL to make sure they were in the right place. Bank of America uses a "personal icon" that you should see to ensure it's the right server. It's not the most elegant solution, but it is a step in the right direction.

Read the article HERE.

The Coolest Hacks of 2007 - Part II

2008-02-10T07:13:00.000+10:30

Just when you thought it was safe to go back online, we offer a new round of offbeat attacks that might make you think twice. Bluetooth, taxicabs, printers, unlaunched browsers, toasters, and road signs: Each was hacked in the past year by inventive researchers whose curiosity got the best of them. The coolest hacks are like that.

Read the article HERE.

The Flow of MBR Rootkit Trojan Resumes

2008-02-10T07:12:00.000+10:30

Back in final weeks of 2007 the GMER team discovered the emergence of a new rootkit that hooked into the Windows master boot record (MBR) in order to take control of a compromised computer.

Read the article HERE.

'L0pht ' Reunion on Tap

2008-02-10T07:09:00.000+10:30

Former rock bands have done it, and now a 1990s hacker group is getting back together -- for at least one show, anyway. Several members of the famed hacker group The L0pht Heavy Industries will reunite in March on a security conference panel.

Read the article HERE.

Crack for Windows Live captcha

2008-02-09T08:37:00.001+10:30

Spammers are using a sophisticated piece of software that can create thousands of Windows Live email addresses by cracking the protections designed to prevent the large-scale creation of fraudulent accounts.

Read the article HERE.

New Authentication Scheme Proposed

2008-02-09T08:36:00.001+10:30

Researchers have built a prototype authentication technique that could ultimately reduce the risk of attackers hacking users' credentials via a keylogger or spyware.

Read the article HERE.

To sudo, or not to sudo

2008-02-09T08:35:00.000+10:30

If you've dabbled even a little bit with security matters, you know that giving root rights or the root password to a common user is a bad idea. But what do you do if a user has a valid need to do something that absolutely requires root rights? The answer is simple: use sudo to grant the user the needed permissions without letting him have the root password, and limit access to a minimum.

Read the article HERE.

It's raining security updates

2008-02-09T08:33:00.000+10:30

Mozilla pushed out a new update of Firefox on Thursday that fixes ten security vulnerabilities, three of which are deemed critical.

Read the article HERE.

Antivirus company's Web site hacked

2008-02-09T08:32:00.000+10:30

The Web site for Indian antivirus vendor AvSoft Technologies has been hacked and is being used to install malicious software on visitors' computers.

Read the article HERE.

Changing the face of flaw disclosure

2008-02-09T08:14:00.000+10:30

The old image of vulnerability researchers is the teenage outcast tinkering away in the basement, finding flaws in Windows machines, Oracle databases and Cisco routers and releasing proof-of-concept exploit code at will to the dismay of the affected vendor. But somewhere along the way, something changed.

Read the article HERE.

Third of security practices useless

2008-02-08T08:16:00.001+10:30

In a presentation here yesterday, Tippett -- who is vice president of risk intelligence for Verizon Business, chief scientist at ICSA Labs, and the inventor of the program that became Norton AntiVirus -- said that about one third of today's security practices are based on outmoded or outdated concepts that don't apply to today's computing environments.

Read the article HERE.

JavaScript zaps iPhone and iPod

2008-02-08T08:15:00.001+10:30

Security researchers have discovered you can crash an iPhone through the medium of a cleverly crafted webpage. The exploit, dubbed a "memory exhaustion remote denial of service vulnerability" by the SecurityFocus website, affects Apple's Mobile Safari web browser, a key component of both the iPhone and the iPod Touch.

Read the article HERE.

The Storm Worm's Family Tree

2008-02-08T08:13:00.000+10:30

New research suggests that the infamous Storm worm has its roots in a computer worm that first surfaced as early as 2004, two-and-a-half years prior to Storm's widely-recognized birthday.

Read the article HERE.

Microsoft News

2008-02-08T08:05:00.000+10:30

MS Patch Tuesday Barrage
After a relatively light Patch Tuesday load in January, Windows administrators are bracing for a barrage of security updates from Microsoft. According to the software maker's advance notice mechanism, there are 12 bulletins slated for release Feb. 12. Seven of the 12 will be rated "critical," Microsoft's highest severity rating.

Read the article HERE.

Final Version of Vista SP1 Test
Microsoft's newly released Service Pack 1 may solve some of the performance glitches that have annoyed Windows Vista users and discouraged others from adopting the OS, but it doesn't appear from our initial tests to be a panacea. In our first tests of the service pack, file copying, one of the main performance-related complaints from Vista users, was significantly faster. But other tests showed little improvement and in two tests, our experience was actually a little better without the service pack installed than with it.

Read the article HERE.

Microsoft responds to Save XP petition
In response to Infoworld's petition and other pro-XP outpourings of support, a Microsoft spokesperson in the US told Computerworld: "We're aware of it, but are listening first and foremost to feedback we hear from partners and customers about what makes sense based on their needs. That's what informed our decision to extend the availability of XP initially, and what will continue to guide us".

Read the article HERE.

Microsoft cuts Windows 7 features - already
Features are being shed left and right. The latest one is graphics a API, DirectX 11 in this case. From what we are told by reliable sources. MS was keen on having DX11 be part of Windows 7. DX10, which while technically pretty nifty, is saddled with Vista as an arm twist mechanism, so it is taking off like a water buffalo with bunions and a weight problem.

Read the article HERE.

When security improvements backfire

2008-02-07T08:30:00.001+10:30

Recently, when conducting an (authorized) security review at a small web hosting provider, I ended up as "root" on all their Unix systems within a matter of hours, and did not even need any l33t buffer overflow or the like. Well-meaning system administrators had tried to improve security of their servers, and had unwittingly ended up making life much easier for the bad guys.

Read the article HERE.

Adobe, Apple Issue Security Updates

2008-02-07T08:29:00.000+10:30

Adobe has released an update to its free Adobe Reader application that corrects more than two dozen bugs, including several security holes. Separately, Apple this week pushed out a patch to plug a single security vulnerability in its iPhoto application.

Read the article HERE.

Hack Your Home Router Challenge

2008-02-07T08:28:00.000+10:30

In the wake of two fairly bad stories about cross-site request forgeries (CSRF), there’s a new challenge on the wind: Hack your home router! The catalysts for this challenge were some recent real-world CSRF-based attacks -- a user's domain being compromised due to a hole in Gmail, and Mexican banking customers' credentials getting stolen after their routers were compromised.

Read the article HERE.

TrueCrypt 5.0 Released

2008-02-07T08:27:00.000+10:30

Among the new features are the ability to encrypt a system partition or entire system drive (i.e. a drive where Windows is installed) with pre-boot authentication, pipelined operations increasing read/write speed by up to 100%, Mac OS X version, graphical interface for the Linux version, XTS mode, SHA-512, and more.

Read the article HERE.

Nmap looks better than ever

2008-02-07T08:25:00.000+10:30

The 4.50 release includes Zenmap, a cross-platform GUI front end for Nmap which includes a command creation wizard, a scripting engine, and a host of other improvements. At age 10, Nmap may be the most popular network security tool in the world. Given its power, ease of use, and the excellence of its documentation, it's not hard to see why. Security professionals and casual desktop users alike can benefit and learn from this tool. If I had a "must have" list of all the apps I use, Nmap would rank near the top. If you're not familiar with it, grab it and give it a go.

Read the article HERE.

FAR Manager goes open source

2008-02-07T08:24:00.000+10:30

I’ve been extremely happy over the last several days when I discovered that the FAR Manager, one of the tools that we use quite a lot in Avert Labs, has recently been released as open source under a BSD license. What is exactly FAR? Well, FAR is an advanced file manager that is heavily customizable and extensible.

Read the article HERE.

Predators prefer IM and chat rooms

2008-02-07T08:23:00.000+10:30

Quick, picture an Internet sex predator. If you're like many members of the public, you probably pictured a middle-aged man clicking away on social networking sites like Facebook and MySpace as he lies to kids he meets about his age and intentions. Such a picture doesn't survive an encounter with data, though; social networking sites are actually safer than chat rooms and instant messaging, while most perpetrators are upfront about both their ages and desires.

Read the article HERE.

Security Metrics - How Often Should We Scan?

2008-02-07T08:17:00.000+10:30

I get this question from Nessus users and Tenable customers very often. They want to know if they are scanning too often, not often enough and they also want to know what other organizations are doing as well. In this blog entry, we will discuss the many different reasons why people perform scans and what factors can contribute to their scanning schedule.

Read the article HERE.

Heads Up Internet Explorer Users

2008-02-06T09:02:00.000+10:30

A plug-in for Microsoft's Internet Explorer Web browser that helps users upload photos to popular sites such as Facebook and Myspace contains multiple security holes. To make matters worse, hackers have now published instructions showing how to exploit those flaws to break into vulnerable systems and install software.

Read the article HERE.

Holes in numerous ActiveX controls

2008-02-06T09:01:00.000+10:30

Users of Yahoo's Music Jukebox should consider uninstalling the software. Several security holes in two of its ActiveX controls allow attackers to manipulate a system and infect it with malware via a crafted web site visited using Internet Explorer.

Read the article HERE.

Overhaul of net addresses begins

2008-02-06T09:00:00.000+10:30

The first big steps on the road to overhauling the net's core addressing system have been taken. On Monday the master address books for the net are being updated to include records prepared in a new format known as IP version 6.

Read the article HERE.

Microsoft replaces Vista kernel

2008-02-06T08:59:00.000+10:30

One of the “big” features discussed in early speculation of Windows Vista SP1 was the kernel upgrade, which was supposed to bring the operating system into line with the Longhorn kernel used in Windows Server 2008. And yet with Vista SP1 going RTM, there hasn't been so much as a peep from Microsoft about the mooted kernel update.

Read the article HERE.

The future of network security

2008-02-06T08:58:00.000+10:30

Enterprise connectivity is exploding, driven by globalization, convergence, virtualization and social computing. As corporate perimeters dissolve, the security focus switches towards application and data-level security solutions. The question to ask is what are the longer-term implications for network security? Will it become redundant or could it grow more powerful? Only one thing seems certain: It will be different from today.

Read the article HERE.

Antivirus testers now all on same page

2008-02-05T08:43:00.000+10:30

Nearly two dozen companies announced on Monday the creation of an organization to set best practices and standards for the evaluation of antivirus software.

Read the article HERE.

Keep Your E-mail Private and Secure

2008-02-05T08:42:00.000+10:30

Do you think of e-mail as a digital postcard or a signed and sealed letter?
Read the article HERE.

Big trouble with teen hackers

2008-02-05T08:41:00.002+10:30

Teenagers, including children as young as eleven and twelve years old, are increasingly becoming involved in serious cyber-criminal activity that exposes themselves and the users they target to a full range of dangerous repercussions.

Read the article HERE.

Cyber Security Bulletins: Release Date - Feb 4

2008-02-05T08:41:00.001+10:30

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT).

Read this weeks bulletin HERE.

iPhone security 101

2008-02-05T08:40:00.001+10:30

After getting access to an iPhone Unix shell, you can observe that every process runs as root. This is why the jailbreak process succeed, as the exploitation of the libtiff vulnerability through MobileSafari provided unlimited privileges on the device. Any future security flaw in any iPhone application can lead to a similar complete system compromise.

Read the article HERE.

News, Hints, Tips, Tricks & Tweaks

2008-02-05T08:39:00.001+10:30

Read this weeks articles at WXPNews HERE.

Ettercap automates the malicious middleman

2008-02-05T08:38:00.000+10:30

Man in the middle (MITM) attacks can be devastatingly effective, providing hackers with all kinds of confidential information and, just as seriously, giving them the opportunity to feed false information to victims. These attacks involve a hacker diverting packets which are meant to flow between a victim's computer and another machine - usually an Internet gateway – so that they flow through the attacker's computer, where they can be inspected and changed before being passed on.

Read the article HERE.

Gestapo---> KGB---> FBI

2008-02-05T08:23:00.000+10:30

Those of you that think you missed the glory years - by being born late, or in the wrong country - will now have the opportunity to experience living in a police state. "The FBI is gearing up to create a massive computer database of people's physical characteristics, all part of an effort the bureau says to better identify criminals and terrorists. The bureau is expected to announce in coming days the awarding of a $1 billion, 10-year contract to help create the database that will compile an array of biometric information -- from palm prints to eye scans".

Read the article HERE.

BullGuard releases a free spam filter

2008-02-04T07:14:00.000+10:30

Danish security company BullGuard announced it will offer its spam filter product as a free download. The BullGuard Spamfilter (download) integrates with Microsoft Outlook, Outlook Express, Windows Mail, and Mozilla Thunderbird e-mail clients. It runs on Windows 2000, XP, and Vista.

Read more HERE.

Sneak Peak at 'Hardy Heron'

2008-02-04T06:47:00.000+10:30

Hardy Heron, the next release from the Ubuntu Linux team, isn't due until April 2008, but already the early alpha releases are filled with significant changes and improvements. Alpha 4, the most recent release of Hardy Heron, features a new BitTorrent client, new CD/DVD burning tools and PulseAudio which will be the new audio handler.

Read the article HERE.

The Gizmo Report: Fire-Safe

2008-02-04T06:46:00.000+10:30

Designed to protect CDs, DVDs, flash drives, iPods, etc. from fires lasting up to two hours at temperatures up to 1,850° F. And the really cool thing is that it'll also protect a 2.5" USB hard drive...while the drive is operating and connected to a computer outside the safe via a USB passthrough in the safe door. So for the first time, your backups can be continuously protected, even if you're not around.

Read the article HERE.

Pocket Supercomputer

2008-02-04T06:43:00.000+10:30

Accenture's "Pocket Supercomputer" is in fact a phone behaving like a thin client. It can be used to send images and video of objects in real time to a server where they can be identified and linked to relevant information, which can then be sent back to the user.

Read the article HERE.

Windows SteadyState

2008-02-03T07:38:00.000+10:30

Episode #129 :Leo and I examine and discuss Microsoft's "Windows SteadyState," an extremely useful, free add-on for Windows XP that allows Windows systems to be "frozen" (in a steady state) to prevent users from making persistent changes to ANYTHING on the system.

Read the article HERE.

The Buzz Around Fuzzing

2008-02-03T07:37:00.000+10:30

Security researchers long have sworn by it, and now many enterprises, developers, and service providers are turning to an increasingly popular method of identifying security vulnerabilities: fuzzing.

Read the article HERE.

Ubuntu 8.04 (Hardy Heron) alpha 4

2008-02-03T07:36:00.000+10:30

Ubuntu 8.04 alpha 4 was officially released today and is now available for testing. This alpha offers an early look at some of the features that will be included in the final 8.04 release, which is scheduled for April. Codenamed Hardy Heron, Ubuntu 8.04 will be the second long-term support (LTS) release, which means that it will be supported on the desktop for three years and on the server for five years.

Read the article HERE.

Universities fend off phishing attacks

2008-02-03T07:35:00.000+10:30

In an ongoing attack, students and faculty at nearly a dozen universities and colleges have been targeted by phishing e-mails since the middle of January. The e-mail messages masquerade as missives from each school's help desk, asking that the student confirm their username and password as well as requesting more personal information, including date of birth and country of origin.

Read the article HERE.

U.S. tests its hacker defenses

2008-02-03T07:34:00.000+10:30

In February 2006 the biggest-ever "Cyber Storm" war game was held to test the nation's hacker defenses. According to hundreds of pages of heavily censored files obtained by the Associated Press, the $3 million, invitation-only war game simulated what the U.S. describes as plausible attacks over five days against the technology industry, transportation lines and energy utilities by anti-globalization hackers. The government is organizing a multimillion-dollar "Cyber Storm 2," to take place in early March.

Read the article HERE.

A great place to work

2008-02-03T07:33:00.000+10:30

Zell's idea is that we've been wasting our time. If cyberloafers get their work done, a little loafing is irrelevant. And if they don't, they should be penalized for not getting their work done, not for what they do online. That's a problem for their managers to address, not something for IT to worry about.

Read the article HERE.

From Myth to Reality: IT Risk Management

2008-02-03T07:16:00.000+10:30

Symantec launched Volume II of the IT Risk Management Report, entitled “IT Risk Management – From Myth to Reality.” It analyzes the results of interviews with more than 400 IT executives and professionals from around the world during 2007. As the title implies, the report takes a look at the truth behind four common myths around IT Risk Management.

Read the article HERE.

Simple hack defeats last barrier

2008-02-02T08:53:00.000+10:30

In the morass of Web 2.0 insecurity, Gmail and other Google-hosted services stood out as a beacon of hope. That's because they were believed to be the only free destination that offered protection against a decade-old vulnerability that enabled hackers to steal sensitive authentication details as they pass over Wi-Fi hotspots and other types of public networks. Now, we know better.

Read the article HERE.

Mozilla upgrades status of vulnerability risk

2008-02-02T08:52:00.000+10:30

The Mozilla Foundation has reclassified a recently published hole in Firefox, as a high risk vulnerability. The flaw gives attackers access to local data on a computer running the browser using add-ons.

Read the article HERE.

SkypeFinds another security snafu

2008-02-02T08:51:00.000+10:30

SkypeFind lets users recommend businesses, or post reviews, to others running the voice-over-IP client. Problems have arisen because Skype has neglected to sanitise a field designed to pass across reviewers' names (even though it does clean up data provided in the business item entry and text submitted in a review).

Read the article HERE.

Shark3 Malware is in the Wild

2008-02-02T08:50:00.000+10:30

And so, the Shark3 malware is continuing its development. What's new? Anti-debugger capabilities in particural against - VmWare, Norman Sandbox, Sandboxie, VirtualPC, Symantec Sandbox, Virtual Box etc.

Read the article HERE.

MS-Yahoo

2008-02-02T08:47:00.000+10:30

Assume for a moment that Microsoft-Yahoo goes through without a hitch. What does the world look like afterwards? Here’s the book on what might come next.

Read the article HERE.

RealPlayer Labeled 'Badware'

2008-02-01T07:58:00.002+10:30

An industry-academia group designed to raise public awareness about software that violates fair information and privacy practices has labeled recent versions of RealPlayer video streaming software as "badware," charging that the software surreptitiously installs pop-up ad serving software as well as the Rhapsody media player engine.

Read the article HERE.

Even SSL Gmail can get sidejacked

2008-02-01T07:58:00.001+10:30

When Robert Graham demonstrated how Web 2.0 wasn’t safe at last year’s Blackhat, it was thought that at least the SSL mode (HTTPS) of Google Gmail would be spared from sidejacking. That presumption now appears to be false according to this updated blog posting from Graham. Even with SSL enabled, Gmail sessions can still be hijacked by Graham’s Hamster and Ferret (or less easily with Wireshark and Mozilla’s cookie editor).

Read the article HERE.

The Microkernel Debate - Part II

2008-02-01T07:57:00.000+10:30

Over the years there have been endless postings on forums such as Slashdot about how microkernels are slow, how microkernels are hard to program, how they aren't in use commercially, and a lot of other nonsense. Virtually all of these postings have come from people who don't have a clue what a microkernel is or what one can do. I think it would raise the level of discussion if people making such postings would first try a microkernel-based operating system and then make postings like "I tried an OS based on a microkernel and I observed X, Y, and Z first hand." Has a lot more credibility.

Read the article HERE.

Beating Anonymity Technology

2008-02-01T07:56:00.000+10:30

Technologies that promise users anonymity on the Web might not be all they're cracked up to be, according to a dissertation published recently by a doctoral candidate at the University of Cambridge's Computer Laboratory.

Read the article HERE.

Interview with a Wii hacker

2008-02-01T07:55:00.000+10:30

Last night, Atomic talked to Wii hacker Bushing about every conceivable aspect of Wii hacking. To make things even more incredible, the first “Hello World” program to ever to run on a Wii was executed during our discussion.

Read the article HERE.

Pirate Bay Future Uncertain

2008-02-01T07:53:00.000+10:30

The world of illegal downloading suffered a severe blow Thursday when Swedish authorities charged four people for operating the world's most popular BitTorrent site -- The Pirate Bay-- which allows users to retrieve free movies, music and video games, much of which is copyrighted.

Read the article HERE.

US mobile numbers for sale

2008-02-01T07:45:00.000+10:30

An online directory that claims to provide 90 million mobile telephone numbers is raising concerns among cell phone users and privacy advocates about unwanted callers who rack up the minutes on their calling plans and the difficulty of opting out of the list.

Read the article HERE.

AntiVir Scores Highly in A/V Test

2008-01-31T08:02:00.002+10:30

AV-Test in Germany is one of the top research facilities in the world for testing anti-malware protection. Over the years we have published many test results of theirs, and we have some fresh ones now.

Read the article HERE.

New attack proves critical Windows bug

2008-01-31T08:02:00.001+10:30

Security researchers yesterday said they'd discredited Microsoft's claim that the year's first critical Windows vulnerability would be "difficult and unlikely" to be exploited by attackers. On Tuesday, Immunity updated a working exploit for the TCP/IP flaw spelled out in Microsoft's MS08-001 security bulletin, and posted a Flash demonstration of the attack on its Web site.

Read the article HERE.

Information is our only security weapon

2008-01-31T08:01:00.001+10:30

Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards, and public CCTV security cameras in his keynote address to Linux.conf.au (currently being held in Melbourne, Australia). These technologies were all examples of security products tailored to provide the perception of security rather than tackling actual security risks, Schneier said. The discussion of public security — which has always been clouded by emotional decision making — has been railroaded by groups with vested interests such as security vendors and political groups.

Read the article HERE.

Terror suspects hone anti-detection skills

2008-01-31T08:00:00.001+10:30

In an age of spy satellites, security cameras and an Internet that stores every keystroke, terrorism suspects are using simple, low-tech tricks to cloak their communications, making life difficult for authorities who had hoped technology would give them the upper hand.

Read the article HERE.

Mozilla ups Firefox bug threat

2008-01-31T07:59:00.001+10:30

Mozilla bumped up the threat ranking for an unpatched Firefox bug to "high" yesterday, but promised a fix is coming in Version 2.0.0.12, now slated for release on Feb 5.

Read the article HERE.

Spammers dive into Google's lucky dip

2008-01-31T07:58:00.000+10:30

Google's "I'm feeling lucky" button was designed to save web searchers time by automatically opening the first page of a query. It turns out the feature, and similar ones from other search engines, are increasingly helping junk mailers get around anti-spam products.

Read the article HERE.

PHP IRC Bot

2008-01-31T07:57:00.000+10:30

Coming across a PHP RFI (Remote File Inclusion) exploit is an everyday event. (At least if you're analyzing malware…) Typically, most of the exploits we see install a web-based backdoor such as the C99 shell for the attacker to use. Every once in a while we run into something more sinister.

Read the article HERE.

How much to stop 'domain tasters'?

2008-01-31T07:56:00.000+10:30

A proposal by the overseer of the Internet's addressing system could cut back on the practice of "domain tasting" and make it easier for people to reserve the domain names they want for their Web sites.

Read the article HERE.

Google's new Experimental Search

2008-01-31T07:53:00.000+10:30

There's more information than ever on the web, and Google is testing some new ways to visualize it all. Ars evaluates Google's Experimental Search features which feature alternate views for search results and more.

Read the article HERE.

Encrypting VoIP Traffic With Zfone

2008-01-30T08:40:00.000+10:30

Some people worry about the easy with which their voice communications may be spied upon. Laws like CALEA have made this simpler in some ways, and with roaming wiretaps even those not under direct investigation may lose their privacy. Phil Zimmermann , creator of PGP, has come up with a project called Zfone which aims to do for VoIP what PGP did for email.

watch the video HERE.

Exploit Could Taint Forensics

2008-01-30T08:39:00.000+10:30

What if a hacker could taint your forensics investigation with an exploit? That's one of the scarier risks associated with cross-site request forgery (CSRF), a common and stealthy vulnerability found in many Web applications.

Read the article HERE.

Windows 7 fake spotted on BitTorrent

2008-01-30T08:38:00.000+10:30

Pranksters have taken advantage of interest in the next version of Windows to post fake - but reportedly harmless - builds of Windows 7 on BitTorrent.

Read the article HERE.

To Open or Not to Open

2008-01-30T08:37:00.000+10:30

Go on any security Web site and their best practices state that you should “never view, open, or execute any email attachment unless the attachment is expected and the purpose of the attachment is known.” But what if it’s your job to open attachments?

Read the article HERE.

Windows 7 hasn’t slipped to 2011

2008-01-30T08:25:00.000+10:30

This is just a quick post to help guide those who aren’t used to Micro-speak.

Read the article HERE.

Unreal Test Rootkit

2008-01-29T09:01:00.000+10:30

Unreal is Not malicious. This rootkit is not intended to be runned with Host Intrusion Prevention Systems. It is intended ONLY for testings with modern AntiRootkit software.

Read the article HERE.

Spies In the Phishing Underground

2008-01-29T09:00:00.000+10:30

Both Nitesh and Billy are well-known security researchers that have recently managed to infiltrate the phishing underground. What started as a simple examination of phishing sites, turned into an extraordinary view of the ecosystem that supports the phishing effort that plagues modern day financial institutions and their customers.

Read the article HERE.

Studying Malware Analysis

2008-01-29T08:59:00.000+10:30

There are very few places in the world where you can actually study malware analysis. We decided to do our small part to improve this situation and we're happy to announce that we've started a course at the Helsinki University of Technology.

Read the article HERE.

Software

2008-01-29T08:56:00.000+10:30

Software Tool Strips Windows Vista To Bare Bones
A free software tool that promises to strip down the Windows Vista operating system -- which even some Microsoft officials have called "bloated" -- to a minimalist state is attracting big interest on the Internet.

Read the article HERE.

Browser DOM Checker
A simple utility to thoroughly validate DOM, XMLHttpRequest, and cookie security restriction handling in modern web browsers. Notable features include exhaustive hierarchy crawling, cross-domain IPC system for blind write verification, page transition checks, and more. DOM Checker had been used to find a number of major security bypass and information disclosure problems in several popular browsers, and we had worked closely with vendors to resolve them (although it's worth noting that the tool still reports anywhere from 10 to 30 low-risk, design-related information disclosure issues in these programs).

Read the article HERE.

Metasploit version 3.1 adds iPhone support
Version 3.1 of exploit framework Metasploit has been released. The most important changes since version 3.0, released around 10 months ago, are a Windows graphical interface, numerous integrated tools and additional modules. In developing the GUI, which now provides a file and process browser, Metasploit developer H.D. Moore received support from security specialist Fabrice Mourron. The tools include the METASM suite, written in Ruby, which includes an assembler, disassembler, compiler, linker and debugger.

Read the article HERE.

TrueCrypt 5.0
Release scheduled for: February 4, 2008

Cyber Security Bulletins: Release Date - Jan 28

2008-01-29T08:55:00.000+10:30

Windows Home Server vulnerable

2008-01-29T08:54:00.002+10:30

For the second time in three days, Microsoft added another product to the list of those vulnerable to a critical bug patched nearly three weeks ago. Windows Home Server, the company's newest operating system, is also at risk to the vulnerabilities spelled out by the MS08-001 security bulletin, according to a Friday update.

Read the article HERE.

News, Hints, Tips, Tricks & Tweaks

2008-01-29T08:54:00.001+10:30

Read this weeks articles at WXPNews HERE.

Windows 7 won't be released next year

2008-01-29T08:53:00.000+10:30

Contrary to all that is being said on the net, it clearly looks like Microsoft is NOT planning to release Windows 7 in 2009. Microsoft's official response, by an Email dated 26th January, 2008, to WinVistaClub states that Windows 7 is still in the planning stage and will take approximately 3 years to develop.

Read the article HERE.

Troubleshooting RPC across firewalls

2008-01-29T08:48:00.000+10:30

Applications that want to talk to other servers will often use the Remote Procedure Call (RPC) infrastructure to communicate instead of inventing their own protocol. From an IT perspective this is a pain because we like known protocols with defined ports. From a development perspective this is nice because we don't want to write more code than we have to. More modern applications are going to take advantage of technologies like Windows Communications Foundation (WCF) which enables administrators to configure how the applications will talk, including the transport protocol (e.g. TCP, HTTP, custom protocols), along with the transport-specific properties (e.g. ports). While we wait for the uptake on WCF we will likely be stuck with RPC-based applications for quite some time. With that being the case it is best to understand how RPC works and the implications brought forth by firewalls.

Read the article HERE.

Untraceable or Uncatchable?

2008-01-29T08:44:00.000+10:30

On Friday, I caught a showing of "Untraceable," a horror/thriller flick about a serial killer who relies on computer insecurity to help him broadcast his crimes onto the Internet. Far too many hacker movies completely flub the technical details, and from viewing the trailers I was certain this one would as well. But the film actually got most of its Internet facts right - nevermind the bit where the bad guy remotely hacks a car, or the laughably inaccurate point-and-click trap-and-trace capabilities of the FBI agent.

Read the article HERE.

RFID guinea pigs

2008-01-28T07:17:00.000+10:30

The Halifax bank is enrolling unsuspecting customers in trials of a new generation of RFID-enabled bank cards, and trying to keep them in the program even if they have mis-givings about the wave and pay technology. PayWave allows punters to debit their account without having to enter a PIN or sign for goods valued at less than £10.

Read the article HERE.

Microchips Everywhere: a Future Vision

2008-01-28T07:16:00.000+10:30

Here's a vision of the not-so-distant future: A seamless, global network of electronic "sniffers" will scan radio tags in myriad public settings, identifying people and their tastes instantly so that customized ads, "live spam," may be beamed at them.

Read the article HERE.

MSDN Magazine : February 2008

2008-01-28T07:15:00.000+10:30

This month, look deep inside the workings of the CLR so that you can build your own compiler. See how to generate intermediate language instructions, get an understanding of language definition, the parser, creating a .NET assembly, and everything else you need to know to compile your language of choice to run in the CLR.

Read the magazine HERE.

Keeping your Linux desktop secure

2008-01-28T07:14:00.000+10:30

One of the main reasons people move from Windows to Linux is the promise of greater security from malware on the Internet. Everyone knows you need to add extra security to try to keep a Windows desktop safe, but what do you have to do to accomplish the same thing on Linux? To answer that question, we asked a number of well-known Linux kernel hackers and a security expert for their thoughts on the matter.

Read the article HERE.

German Skype Trojans Revealed

2008-01-28T07:13:00.000+10:30

Wikileaks has released documents from the German police revealing Skype interception technology. The leaks are currently creating a storm in the German press.

Read the article HERE.

Another Julie Amero situation developing?

2008-01-28T07:11:00.000+10:30

Remember Julie Amero? Well, this time, the story is in Florida.

Read the article HERE.

Social Networking

2008-01-28T06:52:00.000+10:30

Social networking sites are an increasingly popular way for people to keep in contact with friends, family and business colleagues. These sites offer a rich set of features that enable users to share personal information as well as videos, music, and images with members of their network—all in the name of keeping their contacts updated with what goes on in their lives. Although the ability to share information and multimedia files are among social networking sites’ greatest strengths, hackers see these assets as new vectors to attack unsuspecting users.

Read the article HERE.

My Friend Bill
I just signed up for a MySpace page. I’ve become very interested in social networking and it was time to join the fun. Once you create an account the next step is to add some friends to your network. So the first thing I decided to do was send an invite my friend Bill Gates.

Read the article HERE.

JaseZone? More like FakeZone
Well, we all know that there is a certain amount of risk we have to accept when we place personal information on a Web site, including the possibility that someone may use that information without your explicit permission.

Read the article HERE.

MySpace riches come under attack

2008-01-27T08:14:00.000+10:30

Anybody who says crime doesn't pay obviously hasn't talked to Sanford Wallace. In just six months' time, the prolific purveyor of spam and spyware engineered a scam on MySpace that netted at least $555,850, according to court documents filed this week.

Read the article HERE.

Spam and virus filtering for e-mail

2008-01-27T08:13:00.000+10:30

Look beyond tools like SpamAssassin and Amavis to see how you can extend them and provide additional filtering facilities to lower the amount of spam hitting the e-mail boxes of your users. Most companies use spam and virus filtering services on their UNIX platforms, but there are some methods that you can use that help improve your filtering scores and might even eliminate spam reaching inboxes.

Read the article HERE.

Hacking Flash Memory

2008-01-27T08:12:00.000+10:30

The major feature we are concerned about from a security point of view is that you cannot infinitely rewrite it. With normally memory and normal hard-disks, you can rewrite the contents trillions of times without concern. With flash memory, after rewriting data a few hundred thousand times, the block goes bad. It's quite easy to intentionally write a program that would continuously overwrite a block of flash until it failed.

Read the article HERE.

Web 2.0 Security

2008-01-27T08:11:00.000+10:30

Web 2.0 is an umbrella term coined to include technologies used for providing user-centric web based services. Here, the services are architected and programmed so that they can be personalized and used dynamically. The architectural philosophy is called Service Oriented Architecture (SOA).

Read the article HERE.