BeautyandBoost.com
4:59pm
Music
‘vulnerabilities’ Archives
Typhoid adware hijacks LAN, inserts ads into uninfected computers’ browsers
Security researchers at the University of Calgary have identified a new malware they call "Typhoid." Typhoid impersonates the wireless router on your local network, effecting a man-in-the-middle attack that allows it to insert ads into the browsing sessions of all the other, uninfected users on the LAN. Typically, adware authors install their [...]
Linux botnet discovery worry
Bad guys have created a botnet of Linux Web servers. In a way, that's even more frightening than regular botnets of compromised Windows PCs. Bloggers ask if this is the end for Linux's claim to be more secure than Windows; or is it just a load of old hokum? Your humble blogwatcher selected these bloggy morsels for your enjoyment. Not to mention [...]
Time to party like its Windows 95!
Remember the good old days of the 1990s, when you could teardrop attack any Windows user who'd annoyed you and bluescreen them? Microsoft reintroduces this popular feature in Windows 7, courtesy the rewritten TCP/IP and SMB2 stacks. IV. PROOF OF CONCEPT #!/usr/bin/python # When SMB2.0 recieve a "&" char in the "Process Id High" SMB header [...]
“Open Source Twitter” proposed as antidote to Twitter’s DDOS vulnerability
Twitter and Facebook were paralyzed this past week by DDOS (distributed denial of service) attacks. As I understand it, those attacks are still ongoing. In this Wired Epicenter blog post by Eliot Van Buskirk, open source advocates propose that the only real solution to this vulnerability is to engage in another DDOS: "distributed delivery of [...]
Stopgap Fix for Critical Firefox 3.5 Security Hole
Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla's new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, LandoftheFreeish.com is posting instructions to help readers protect themselves from this vulnerability. The security hole has to do with a [...]
Reverse-engineering SSNs from publicly available data
Computer scientists at Carnegie Mellon University have figured out how to predict Social Security numbers from publicly accessible birth data with frightening accuracy. The researchers analyzed a public information source known as the "Death Master File," which includes birth data and SSNs for people who have died. The scientists found that in [...]
Bugs and inaccurate readings found in breathalyzer source code
After a long legal wrangle, some defendant-side attorneys have audited the source-code of Alcotest, the breathalyzer used in New Jersey DUI stops. Turns out it was programmed by muppets who don't know how to calculate an average and who throw out error messages by the dozen. Like voting-machine vendors, breathlyzer vendors go crazy when [...]
Man finds card skimmer on ATM
Dan says over the weekend he discovered a card skimmer attached to the ATM at his local WaMu branch. He pulled it off and took photos of it. This past weekend I went to use the local WaMu ATM to get some cash money. When I walked up to the ATM something struck me as funny…I couldn't quite put my finger on it but the card reader didn't look [...]
KTorrent Web Interface Vulnerable to Remote Takeover
This is the beauty of open source. You can actually publish stuff like this without the fear that several black Tuesdays will pass before it's patched. Distributed under a GNU General Public license, KTorrent is a torrent client written in C++ for KDE. Feature wise, the client can compete with other popular clients, supporting protocol [...]
Four Threats For 2009 That You’ve Probably Never Heard Of (Or Even Thought About)
You're probably gearing up for the well-known security risks you've watched emerge over the past year to go front burner in the new year -- the insider threat, Web 2.0, and targeted attacks. But don't pop that champagne cork just yet: Some obscure potential threats that could be more difficult to prepare for and defend against also are looming for [...]
Forget your photo ID for your EasyJet flight? Just go print one up!
Don't worry if you show up for your domestic UK EasyJet flight without the mandatory photo ID the airline now requires; the helpful check-in clerks will direct you to the nearby train station where they'll make you up a free photo-card to go with a rail-pass, should you ever decide to buy one. Ah, security. "They suggested I go to the railway [...]
HOWTO: Exploit Bluetooth Headsets
Here's a pretty basic "how to" on connecting your PC to Bluetooth devices. When connected, you may send sound files to the Bluetooth device and/or record anything said into a bt headset. Neat for a Linux beginner.
All your passports are belong to us
Think of it this way: Chris Paget just did you a service by hacking your passport and stealing your identity. Using a $250 Motorola RFID reader and antenna connected to his laptop, Chris recently drove around San Francisco reading RFID tags from passports, driver licenses, and other identity documents. In just 20 minutes, he found and cloned the [...]
Ubuntu Linux kernel vulnerabilities
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. A local attacker could exploit this to cause a system [...]
Researchers Point Out XSS Flaws On American Express Website
American Express has been wrestling for more than a week with cross-site scripting vulnerabilities that could jeopardize the personal information of its customers, according to security researchers. Researchers have been reporting vulnerabilities on the Amex site since April, when the first of several cross-site scripting (XSS) flaws was [...]
Metasploit 3.2 Offers More “Evil Deeds”
Hacking into systems (albeit for testing purposes) is apparently getting easier with the upcoming open source Metasploit 3.2 framework, according to its creator. During a packed presentation at that SecTor conference here yesterday, Metasploit creator H. D. Moore detailed some of the new features in the upcoming Metasploit 3.2 release. They [...]
“Fakeproof” e-passport is cloned in minutes
New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports. Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws [...]
SQL injection countermeasure failures
Cute article about sanitizing form input... ...found this next snippet in the authentication code for the project he'd been assigned to. // The following string is an SQL comment, and could // blank out the check for password in our SQL statement // if used in the username! if (username.indexOf("';--")!=-1) { throw new [...]
A “hacker” broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia
WASHINGTON - A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia. The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom [...]
DEFCON 16 – The Tools
DEFCON, the 9000+ attendee hacker conference in Vegas has become a sort of hydra conference. It has become more like a global fair than what most people think of conferences; even the badge is highly unique. I say this because there are so many things to do at DEFCON, other than going to talks, that you could spend your whole weekend looking at [...]
