BeautyandBoost.com
Music
Security Alerts
- TA13-141A: Washington, DC Radio Station Web Site Compromises
- TA13-134A: Microsoft Updates for Multiple Vulnerabilities
- TA13-107A: Oracle Has Released Multiple Updates for Java SE
- TA13-100A: Microsoft Updates for Multiple Vulnerabilities
- TA13-088A: DNS Amplification Attacks
- TA13-071A: Microsoft Updates for Multiple Vulnerabilities
- TA13-064A: Oracle Java Contains Multiple Vulnerabilities
- TA13-051A: Oracle Java Multiple Vulnerabilities
- TA13-043B: Microsoft Updates for Multiple Vulnerabilities
- TA13-043A: Adobe Updates for Multiple Vulnerabilities
Security Tips
- ST06-001: Understanding Hidden Threats: Rootkits and Botnets
- ST06-005: Dealing with Cyberbullies
- ST06-004: Avoiding the Pitfalls of Online Trading
- ST04-009: Identifying Hoaxes and Urban Legends
- ST06-006: Understanding Hidden Threats: Corrupted Software Files
- ST10-001: Recognizing Fake Antiviruses
- ST04-016: Recognizing and Avoiding Spyware
- ST04-014: Avoiding Social Engineering and Phishing Attacks
- ST05-019: Preventing and Responding to Identity Theft
- ST05-006: Recovering from Viruses, Worms, and Trojan Horses
If Your Hard Drive Could Testify
Federal government claims it has the power to search citizens’ laptops upon re-entry into US. Ugh.
A couple of years ago, Michael T. Arnold landed at the Los Angeles International Airport after a 20-hour flight from the Philippines. He had his laptop with him, and a customs officer took a look at what was on his hard drive. Clicking on folders called “Kodak pictures†and “Kodak memories,†the officer found child pornography.
The search was not unusual: the government contends that it is perfectly free to inspect every laptop that enters the country, whether or not there is anything suspicious about the computer or its owner. Rummaging through a computer’s hard drive, the government says, is no different than looking through a suitcase.
One federal appeals court has agreed, and a second seems ready to follow suit.
There is one lonely voice on the other side. In 2006, Judge Dean D. Pregerson of Federal District Court in Los Angeles suppressed the evidence against Mr. Arnold.
“Electronic storage devices function as an extension of our own memory,†Judge Pregerson wrote, in explaining why the government should not be allowed to inspect them without cause. “They are capable of storing our thoughts, ranging from the most whimsical to the most profound.â€
Clarkson stung after bank prank
 
Top Gear TV presenter Jeremy Clarkson has lost money after publishing his bank details in his newspaper column.
The Top Gear host revealed his account numbers after rubbishing the furore over the loss of 25 million people’s personal details on two computer discs.
He wanted to prove the story was a fuss about nothing.
Attack of the Clones
It’s all the latest rage – vehicle cloning. And rage is just what you’ll feel if you are the victim. Here is how it works. Thieves steal a car, usually a high-end “desirable†car or SUV. Then they take the vehicle identification number or VIN from a similar vehicle and slap it on the stolen car. Because each VIN is unique like a fingerprint, the stolen vehicle become a clone of a legitimate vehicle. Add some fake papers, and the thieves are ready to sell you a vehicle that looks perfectly legal.
When the police come knocking on your door, you have no legal recourse – you have to hand over the stolen property. Statistics show that this horror story is happening to more and more people ever year. In 2007 there were over 1.3 million cars stolen cars in the US, with over 250,000 or 1 in 5 of these stolen vehicles sold to unsuspecting victims. In the UK, this is being called that fastest growing car crime. And Canadians are being hit just as hard.
But you can avoid being a car clone victim. Here are nine tips to protect you from ending up the proud owner of a stolen car.
Urban WiFi Routers at Risk
Indiana University researchers say densely populated wireless routers could be the next method for spreading pharming, script injection, and bot infections
By Kelly Jackson Higgins Senior Editor, Dark Reading
Your crazy next-door neighbor could also be your biggest WiFi security risk: If his wireless router gets infected, it could spread malware to your router as well.
Researchers at Indiana University in Bloomington recently built an epidemiological model of the feasibility of malware rapidly spreading among WiFi routers in a densely populated area. They found in their simulations that tens of thousands of WiFi routers could be infected in two weeks — and most were infected within 24 to 48 hours.
The researchers then tested their model as a launching pad for drive-by pharming, an attack method demonstrated last year by several of their colleagues in a proof-of-concept attack they co-developed with Symantec. That’s where an attacker uses a broadband router vendor’s default password to control the router, after first luring the victim to a malicious Website to infect them with malicious JavaScript code. (See New ‘Drive-By’ Attack Is Remote.)
Linux phone to Debut upgrade at CES
OpenMoko has announced an upgrade to its Linux-powered mobile phone and plans to present the device at CES. That’s a slap in the face for open source competitor Google Android, which is still in development.In its announcement, OpenMoko writes “. . . at CES we will formally preview GTA02 to the public. We are doing this at an invitation-only media event, and not the general show floor.â€The GTA02 model was renamed FreeRunner and according to OpenMoko will be “previewed at CES and ship later this spring– first to developers and then to end users as software for the new hardware features becomes available.â€
OpenMoko may be looking to build a larger community of Linux software developers as it begins to to make its phone consumer-friendly.
Though Google recently announced the launch of its Android Developer Challenge, the company has not given any indication of when any Android-powered hardware may appear.
That gives OpenMoko a head start in developing additional Linux software for its phone and claiming marketshare.
The Most Hated Company In the PC Industry
Who in the hell is Asustek, and why does Microsoft hate them more than any other company in the industry? Why does Apple, Dell and Palm Computing hate them?
And why does Intel love them?
Taiwan’s Asustek — better known as ASUS — is one of the most interesting, innovative and fastest-growing companies in technology.
At its core, Asustek makes motherboards — more than any other company. Asustek motherboards are the heart of Sony’s PlayStation 2 consoles, Apple MacBooks, Alienware PCs, and some HP computers.
But that’s not why they’re hated. The source of ire is a tiny laptop called the ASUS Eee PC. This open, flexible, relatively powerful, and very small laptop is notable for one feature above all: Its price. The Eee PC can be had for as little as $299. (Go here to read the reviews — they’re all positive.)
Let’s take a moment to ponder how cheap that is. This full-featured laptop costs $69 less than the 16 GB Apple iPod Touch. It’s $100 less than an Amazon Kindle e-book reader. The most expensive configuration for the ASUS Eee PC on Amazon.com is $499.
Why We Should Still Vote for Ron Paul Even if He Isn’t Expected to Win
 
This might seem as common sense to many, but I have had a few conversations over the course of the past few weeks with friends of mine regarding Ron Paul, and this issue has come up a lot. Many people tell me that they love Ron Paul and want him to be our president, but shortly thereafter explain that it would be a wasted vote because he certainly will not win. All of the people who have told me this have got me thinking about the issue. If everyone who wants Ron Paul to become president decides that their vote might be better spent somewhere else, that might very well end up being the momentous he needs to win the election, and the reason he might lose!
So if you have thought about using your precious vote elsewhere, don’t! We all must unite, hold our ground, and vote for who we think is best no matter what. If Ron Paul follows through with his commitments, he will redeem this nation, bring it out of debt, and make me proud to be an American. Think about it this way, if you don’t vote for Paul, then when Giuliani takes over and starts WWIII you won’t have any excuse to bitch and moan.
See Everything Your Friends And Neighbors Have Ever Bought At Sears
Want to see all the major appliances and repair services that your friends and neighbors… (and anyone else who you can look up in the phone book) have ever purchased at Sears?Want to know what your mom might have purchased for your birthday? Want to know which houses in your neighborhood have really nice expensive TVs?
Sears provides a website, www.ManageMyHome.com where anyone can look up anyone elses’ entire purchase history at Sears—using only their name and address. This is especially convenient because these strange men keep dropping off huge lists of names and addresses on our door every year (we think they’re called “phone books”) and we never really knew what to do with them.
Apparently, all you need to do is create an account at www.managemyhome.com, click “Find Sears Products” and enter a name, address and phone number.
Is Sears Engaging in Criminal Hacking Behavior?
Join “My SHC Community” on Sears.com, and the company will install some pretty impressive spyware on your computer:
Questions to Consider in the Coming Privacy Wars
It seems obvious that privacy is going to be a major point of contention in the near-term future. It’s only going to get hotter as major online services compile huge amounts of data about us, as Open Data advocates push for that data to be freed up for reuse and as more cluster[fudge] incidents like the Facebook Beacon and the AOL search data release hit the public consciousness.
The story in the news this week is about Sears getting caught installing ComScore tracking spyware surreptitiously on customer’s computers. Who knows what it will be next week? Who knows what lurks in the shadows, set to make the news in the coming year or not at all?
Top 10 Secure Coding Practices
I like this photograph because it illustrates how the easiest way to break system security is often to circumvent it rather than defeat it (as is the case with most software vulnerabilities related to insecure coding practices).
Top 10 Secure Coding Practices:
CNN hides Ron Paul’s results
CNN had two different pie charts up at the same time during the Iowa caucuses.
Here’s the pie chart they put up for the Democrats.
Notice how CNN went out of its way to squeeze Bill Richardson’s two percent piece into the pie?
Now, look at the Republican pie chart.
Notice the giant void between McCain and Huckabee on the chart? At this point, Ron Paul had 10 percent of the vote. Why isn’t he listed when Bill Richardson’s two percent makes the Democratic pie? This wouldn’t be so obvious if it hadn’t been preceded by months and months of CNN shunning Ron Paul.
Ugh… That’s some poor (READ: biased) journalism.
VoIP For iPod Touch is Here
The Touchmods team have released version 1.0 of SIP-VoIP for the iPod Touch. This hack will allow the Touch to make phone calls over its WiFi connection. Although named version 1.0, it is most certainly still a beta, and will take some special magic on your part to get things going.
The Five Coolest Hacks of 2007
Nothing was sacred – not cars, not truckers, not even the stock exchange. Hackers are creative folk, for sure. But some researchers are more imaginative and crafty than others. We’re talking the kind of guys who aren’t content with finding the next bug in Windows or a Cisco router. Instead, they go after the everyday things we take for granted even more than our PCs — our cars, our wireless connections, and (gulp) the electronic financial trading systems that record our stock purchases and other online transactions.
Not that there’s anything wrong with a new Windows or Vista flaw. But you can’t help but secretly admire the ingenuity and persistence it takes to hack something that we hadn’t thought of as hackable — or that maybe that we just didn’t want to think was. These are the kinds of hacks that pierce the mainsteam consciousness: Your mom’s eyes may glaze over when you warn her about the risk of her PC becoming a bot, but you can bet you’ll have her full attention when you show how a hacker could redirect her brand-new car navigation system to a deserted dead end street far from her intended destination.
HOWTO: Use md5sum to Verify Data Integrity
First of all, what’s a hash?
A hash is the output of a one-way, reproducible function for creating a small fingerprint from a chunk of data. For example, when the popular hash function MD5 is given the word “catâ€, it produces the following output every time:
54b8617eca0e54c7d3c8e6732c6b687a
If “cat†is changed to “cats†the resulting hash is completely different:
48ccbaffbb0675f2a0d9e6ef8875a03c
No matter how much data the hash function is given, the fingerprint stays the same size. No matter how small the change to the data, the fingerprint will be totally different.
What’s md5sum?
A simple tool called md5sum is used for working with hashes in Linux. It allows hashes to be created and compared using the MD5 hash function. md5sum comes installed by default in Ubuntu and virtually every other Linux distribution. (It’s part of the GNU core utilities.)
Latest Topics
US CERT RSS Feed
- Adobe Releases Security Updates for Adobe Flash Player
- Security Updates Available for Adobe Reader and Acrobat
- Mozilla Releases Multiple Updates
- Microsoft Releases May 2013 Security Bulletin
- Adobe Releases Security Update for ColdFusion
- Microsoft Releases Security Advisory for Internet Explorer
- Cisco Releases Security Advisories
- Apple Releases Security Updates for Safari
- Scams Exploiting Boston Marathon Explosion
- Oracle Releases April 2013 Security Advisory
