Music
Security Alerts
- TA13-168A: Microsoft Updates for Multiple Vulnerabilities
- TA13-141A: Washington, DC Radio Station Web Site Compromises
- TA13-134A: Microsoft Updates for Multiple Vulnerabilities
- TA13-107A: Oracle Has Released Multiple Updates for Java SE
- TA13-100A: Microsoft Updates for Multiple Vulnerabilities
- TA13-088A: DNS Amplification Attacks
- TA13-071A: Microsoft Updates for Multiple Vulnerabilities
- TA13-064A: Oracle Java Contains Multiple Vulnerabilities
- TA13-051A: Oracle Java Multiple Vulnerabilities
- TA13-043B: Microsoft Updates for Multiple Vulnerabilities
Security Tips
- ST06-001: Understanding Hidden Threats: Rootkits and Botnets
- ST06-005: Dealing with Cyberbullies
- ST06-004: Avoiding the Pitfalls of Online Trading
- ST04-009: Identifying Hoaxes and Urban Legends
- ST06-006: Understanding Hidden Threats: Corrupted Software Files
- ST10-001: Recognizing Fake Antiviruses
- ST04-016: Recognizing and Avoiding Spyware
- ST04-015: Understanding Denial-of-Service Attacks
- ST05-019: Preventing and Responding to Identity Theft
- ST05-006: Recovering from Viruses, Worms, and Trojan Horses
How Hackers Work
HowStuffWorks takes a stab at separating a real hacker from what the media and public consider a hacker. Considering every script kiddie considers himself the l33t h@x3r this article is pretty good.
Thanks to the media, the word “hacker” has gotten a bad reputation. The word summons up thoughts of malicious computer users finding new ways to harass people, defraud corporations, steal information and maybe even destroy the economy or start a war by infiltrating military computer systems. While there’s no denying that there are hackers out there with bad intentions, they make up only a small percentage of the hacker community.
The term computer hacker first showed up in the mid-1960s. A hacker was a programmer — someone who hacked out computer code. Hackers were visionaries who could see new ways to use computers, creating programs that no one else could conceive. They were the pioneers of the computer industry, building everything from small applications to operating systems. In this sense, people like Bill Gates, Steve Jobs and Steve Wozniak were all hackers — they saw the potential of what computers could do and created ways to achieve that potential.
BluRay supporters camping out at Walmart trying to stop people from buying HD-DVD
How pathetic this guy’s life must be?
Spent 3 hours at Wal-Mart today. I stoped 11 out of 12 people from getting HD-DVD players. I will be spending a lot of time down thier the rest of this year. It is the best I can do to help the less tech savy not get screwed on this half-step format. One couple I talked too went straight over to the games section and picked up a 40GB PS3. The wife said about HD-DVD “We have purchased Toshiba products for over 10 years and we have never been disipointed in them. I can not believe that they would sell a product that is not of the upmost quality.” Two other’s went ahead and picked up the 80GB which really shocked me , because that is a lot more than they came in expecting to spend. One of these people was an older man about mid 50′s he said “It would really be nice if they posted the differances between these products more. Seeing 30 of those GB things compared to 50 really gives you more of a idea about these products than price and names.” The only one I could not stop from buying it was this 27 year old guy that said he already had the 360 HD-DVD drive for his 360 in the living room, and he wanted to get this one for his bedroom.
Overall I think the day went well. I was surprised to see so much traffic towards HDM. It seems this year will see a lot of sales in this spectrum of the market. I am going to do my best to try and make sure that these Walmart shoppers in my area make an informed decision before purchaseing into HDM. Hopefully it will help Blu win and put us on track to a medium that will last for a solid 15 to 20 years.
We want off the U.S. terror watch list
More than 15,000 people have appealed to the government since February to have their names removed from the terrorist watch list that delayed their travel at U.S. airports and border crossings, the Homeland Security Department says.
The complaints have created such a backlog that members of Congress are calling for a speedier appeal system that would help innocent people clear their names so they won’t fall under future suspicion. Among those who have been flagged at checkpoints: toddlers and senior citizens with the same names as suspected terrorists on the watch list.
“To leave individuals in this purgatory is un-American,” says Rep. Yvette Clarke, D-N.Y., who says she’ll introduce legislation to try to streamline the process.
The Homeland Security Department says it gets about 2,000 requests a month from people who want to have their names cleared. That number is so high that the department has been unable to meet its goal of resolving cases in 30 days, says Christopher White, spokesman for the Transportation Security Administration, which handles the appeals. He says the TSA takes about 44 days to process a complaint.
In February, the TSA launched the Traveler Redress Inquiry Program, a one-stop shop for people to appeal links to the watch list, which flags anyone with potential ties to terrorism. The list has more than 750,000 names.
House Homeland Security Committee Chairman Bennie Thompson, D-Miss., says he will grill officials at a hearing on Thursday. “Given the widespread use of the terrorist watch list, the redress process is of paramount importance,” he says.
Fedora 8 Released Today
Fedora is a Linux-based operating system that showcases the latest in free and open source software. Fedora is always free for anyone to use, modify, and distribute. It is built by people across the globe who work together as a community: the Fedora Project. The Fedora Project is open and anyone is welcome to join.
The Fedora Project is out front for you, leading the advancement of free, open software and content.
As usual… Microsoft’s days are numbered… this release seals the deal… and for those Ubuntu users, no offense… but this release is pretty ruthless.
Screenshots after the jump.
Download for free.
The Vista Death Watch
Microsoft has extended the life of Windows XP because Vista has simply not shown any life in the market. We have to begin to ask ourselves if we are really looking at Windows Me/2007, destined to be a disdained flop. By all estimates the number of Vista installations hovers around the number of Macs in use.
How did this happen? And what’s going to happen next? Does Microsoft have a Plan B? A number of possibilities come to mind, and these things must be considered by the company itself.
So what went wrong with Vista in the first place? Let’s start off with the elephant in the room. The product was overpriced from the outset. Why was it so expensive? What was special about it? All the cool and promised features of the original vision of Longhorn were gutted simply because it was beyond Microsoft’s capability to implement those features.
This failure to deliver what was promised—even after several delays in the product’s release, by the way—did nothing to excite anyone. It made the company look bad. It directly resulted in a no-confidence vote that was manifested in a lackluster reception and low sales. Microsoft should have scrapped the project two years ago and instead patched XP until it could deliver something hot.
To make things worse, there are too many versions. Exactly what is the point of that? Don’t we all just want Vista Ultimate? The other versions seem like a way to maybe save money for some users who cannot afford to get the real thing. You can be certain this version glut results only in complaints about what each variation is missing.
Microsoft’s initial approach to marketing this turkey was obviously going to be to put it on just new machines, which would eventually saturate the market, but the PC manufacturers squawked and demanded the continuation of XP sales. Though there is some chatter about how Linux could use this lull in the Microsoft juggernaut to make some real headway onto the desktop, this is unlikely to happen. But Microsoft, with all its paranoid thinking, might have believed it to be possible. So XP is still with us and will be until deep into next year.
I should mention here that much of this mess, I strongly believe, is due to Microsoft’s recent obsession with Google and online search. Now Microsoft wants to be in the advertising business because Google is in the advertising business. Meanwhile, it can’t do its real job.
Read the rest of this entry »
Vector Magic
Stanford University research project on converting bitmap images to vector art, aka “auto tracing” or “automatic vectorization”. Similar to Adobe Illustrator’s Live Trace and CorelDRAW’s PowerTRACE but works better in many cases. Upload image and get a converted result (EPS/SVG) in a few moments.
Download gOS, the operating system of Wal-Mart’s $199 PC
This week Wal-Mart started selling a $199 PC with a Linux based operating system called gOS pre-loaded. A lot of websites mistakenly reported that the “g” stands for Google, because this stripped down operating system has direct links to a bunch of Google services like YouTube, Docs & Spreadsheets, and Blogger. But gOS is actually a stripped down “green” operating system based on Ubuntu.
And you don’t need to buy a $199 PC to load it. You can download gOS right now. Unfortunately, the developer’s site seems to be down at the moment, but you can find gOS on several Torrent trackers.
The ISO weighs in at 728 MB, making it a tight fit for a CD-R, but leaving plenty of room on a DVD-R. And like almost all Ubuntu-based operating systems, gOS comes as a LiveCD, meaning you can take it for a test drive without installing anything. Just boot your PC from the DVD. When you’re done, shut down, pop the DVD out and reboot into Windows, Linux, or whatever you’ve been using up until now.
Over 10 offers to pay student hacker’s fine
Chinese undergraduate Zhao Ke, fined $15,000 for hacking into his former school’s computer network, has received “over ten” offers to help pay his fine.
At least two law firms here, including Allen & Gledhill, have also offered to help him appeal the sentence.
The 21-year-old who is doing a double degree in engineering and economics on a National University of Singapore scholarship, met up with lawyers from Allen & Gledhill on Wednesday.
While he has yet to make a final decision, with the fine settled “there was no big need to appeal and I need to catch up on my studies,” he said.
No Cell Phones?
First of all, does anyone even remember the band W.A.S.P.? If I remember correctly they were a band from the early 80’s. Heavy metal always shadowed by the likes of Motley Crew, Twisted Sister, Scorpions, etc..
Second, can you believe that ANYONE would attend one of their shows today? Maybe I am being a little bit harsh here, but I honestly couldn’t name a single hit that this band has, let alone even name or hum one of their songs.
And to top it all of they have now released an official statement saying that ALL cameras, even mobile phones will be confiscated from people as then enter their shows.
Recovering Windows passwords with Linux
If you lose a Windows password, or you buy a system that has an OS on it, but you don’t know the password, what are you to do? The best thing to do would be to throw in a Linux CD, format the drive, and install the Distro. But, what if you want to boot to the system and see what’s on there, and get data off?
Intro to Reverse Engineering – Part 2
In Part 1, Intro to Reverse Engineering – No Assembly Required, we extended the series of coding articles for non-programmers with an area of high interest in the infosec community. We’re proud to be able to bring you the highly anticipated follow-up complete with screen shots, sample code and applications. This one is long and detailed, so strap yourselves in for some great educational content. This paper is designed to outline some essential reverse engineering concepts, tools and techniques – primarily, debuggers and using the debugging process to reverse engineer application functions and algorithms. It is assumed you have knowledge of basic assembly and C programming. An understanding of Win32 programming and API calls is also helpful. This tutorial does not necessarily have to be read in order (although it is strongly advised), as some sections do not contain information that directly relates to subsequent sections. However, if you begin skipping around and find that you have trouble understanding a concept, or feel like you missed an explanation, it would be best to go back to previous sections of the tutorial and read them first.
ExploitMe: Free Firefox Plugin
Dark Reading covers the upcoming release of free Firefox plug-ins that test common web application vulnerabilities. As with most security tools, they could be used for good or ill. “The ExploitMe tools — which are in currently in beta form — include SQL Inject-Me, which lets you right-click on an HTML field in your Firefox browser and inject it with SQL injection payloads, and XSS-Me, which works the same way, but with XSS. The tools developers also plan to release Web services exploit tools as well.”
Intro to Reverse Engineering
Last time we went over the C programming language in an introductory article specifically focusing on getting the security professional on the road to coding (or at least the road to understanding). This time around we extend the series of coding articles for non-programmers with an area of high interest in the infosec community, reverse engineering. This paper is intended as an introduction to reverse engineering for someone who has no experience whatsoever on the subject. You should have some basic knowledge of C programming, and access to a Windows or Linux box (preferably both) using the x86 architecture (i.e., your average computer). No knowledge of assembly code, registers, or the like is assumed, although it helps. The “Introduction” section of the paper is intended for the newcomer who has little or no understanding of what reverse engineering is and may be skipped by those looking for more technical details.
HOWTO: Grammar Check For Open Office
So you are trying to drop that MS Office habit but find yourself struggling thanks in part to features missing from Open Office (Oo) such as a solid grammar check feature. As it turns out, there is a solution for Oo users looking for this kind of functionality, be it about as ‘craptacular’ as the one for MS Office.
The problem is that grammar checkers in any form are a half-hearted solution to a larger problem. Another thing to consider is that the grammar check offered in this article does not underline mistakes as they do with misspelled words. This is due largely to the fact that this is an add-on rather part of the Oo bundle.
BackTrack 2 Virtual Appliance
The Ethical Hacker Network (EH-Net) proudly releases the only Official Version of BackTrack 2 that not only adds Metasploit 3 to the toolset but is also packaged as a VMware Virtual Appliance. Here are just a few of the features added by the projects lead developer, Mati Aharoni, specifically for the EH-Net Community:
- Metasploit updated to latest svn, all dependencies upgraded
- Added fabs patches for msfgui
- Aircrack-ng updated to 1.0 svn, all dependencies upgraded
- Tcpdump patched (security fix)
- Firefox updated to latest
- Firefox links, favorites and home page
- A few more lib fixes for old nasties in BT2 final
For those of you who are not familiar with BackTrack, here’s a brief description directly from the project’s web site, http://www.remote-exploit.org/:
BackTrack is the result of merging the two innovative penetration testing live linux distributions Auditor and Whax. Backtrack provides a thorough pentesting environment which is bootable via CD, USB or the network (PXE). The tools are arranged in an intuitive manner, and cover most of the attack vectors. Complex environments are simplified, such as automatic Kismet configuration, one click Snort setup, precompiled Metasploit lorcon modules, etc. BackTrack has been dubbed the #1 Security Live CD by Insecure.org, and #32 overall.
Backup files from dead Windows using Linux
Here is how you can backup files from dead Windows using either SLAX, Knoppix and Ubuntu.
Corporations Versus Democracy
 
The most important issue to young people in the 2008 campaign is one that no presidential candidate will discuss. In fact, even touching on this subject is taboo for anyone with aspirations to Congress or the White House. Anyone who has the temerity to mention this political third rail will almost certainly lose the campaign.
Technical Advances Make Your Passwords Practically Worthless
Russian outfit Elcomsoft has just filed for a US patent which leverages GPUs to crack passwords. Their approach harnesses the massively parallel processing capabilities of modern graphics cards to make minced-meat of corporate-strength password protection.
Latest Topics
US CERT RSS Feed
- Oracle Java SE Critical Patch Update Announcement - June 2013
- Security Updates Available for Adobe Flash Player
- Microsoft Releases June 2013 Security Bulletin
- Apple Releases OS X 10.8.4 and Security Update 2013-002
- Apple Releases Security Update for Safari on OS X
- Google Releases Google Chrome 27.0.1453.110
- Apple Releases Security Updates for Apple QuickTime 7.7.4
- Google Releases Google Chrome 27.0.1453.93
- Adobe Releases Security Updates for Adobe Flash Player
- Security Updates Available for Adobe Reader and Acrobat
