Forgot your password?
typodupeerror
Botnet

+ - Operation Payback: protests via mouse click ->

Submitted by
juct
juct writes "The UK site The H took a quick look at the tool being used in the recent DDoS attacks against Mastercard, Visa and Paypal. It's called LOIC ("Low Orbit Ion Cannon") and connects to an IRC channel or a Twitter account to receive orders for coordinated denial of service attacks. Essentially it works a bit like a voluntary bot network."
Link to Original Source
Security

+ - Mozilla to protect Adobe Flash users -> 1

Submitted by
juct
juct writes "Firefox is going to check the version of installed Adobes Flash plug-ins and warn users if it discovers an outdated version with potential security holes. Mozilla confirmed this new security feature and said that the Flash version check was part of a wider commitment to "protect users from emerging threats online". Only recently a study confirmed, that 80 per cent of users surf with a vulnerable version of Adobe's plug-in."
Link to Original Source
Government

+ - From the diary of a spy->

Submitted by
juct
juct writes "A former agent of the British MI5 secret service, told tales out of school at the 24th Chaos Communication Congress (24C3) in Berlin last Saturday. Apart from revealing details about the agency's computer problems she also gave insight into the thought processes and methods used by spies and called emphatically for more democratic control."
Link to Original Source
Security

+ - Secure your PHP aps -- now->

Submitted by
juct
juct writes "In their yearly top 20 security risks the Internet Storm Center names web applications as top risk for servers: "Every week hundreds of vulnerabilities are reported in commercially available and open source web applications, and are actively exploited." The number one problem they list is "PHP Remote File Include". So why not spend a little time to secure your web server now. heise Security has a writeup on Basic PHP security with practical examples."
Link to Original Source
Security

+ - Antivirus protection worse than a year ago->

Submitted by
juct
juct writes "In a test of 17 antivirus products, the german magazine c't concluded, that the effectiveness has fallen off, and more and more pests can now slip past these barriers. Most of the products perform reasonably well if they can rely on their database of signatures. But if they have to detect new malware with heuristics, the results were worse than last year. Besides this c't did the first comprehensive test of behaviour blocking in antivirus products and found that more than half of them did not react on suspicious behaviour at all. The test itself is available only in the printed magazine, heise Security published a summary."
Link to Original Source
Security

+ - Dreamlab cracks wireless keyboard encryption->

Submitted by
Felix
Felix writes "Wireless keyboards and mice are becoming an increasingly common sight on desks. However, wireless hardware carries large hidden risks. Dreamlab Technologies has shown that it is possible to capture and decrypt keystrokes, meaning that user names, passwords, bank details or confidential correspondence can be very easily eavesdropped. Checkout http://www.dreamlab.net/ for further information."
Link to Original Source
Security

+ - SecTor conference starts of with DNS(SEC) talks

Submitted by leto
leto (8058) writes "Dan Kaminsky and Paul Wouters both presented DNS security talks at the new Canadian security conference SecTor in Toronto. Kaminsky showed a DNS binding attack using javascript and flash, allowing him to penetrate any firewall and start scanning the internal network of any user that visited his website. Wouters gave a presentation on the Theory and current worldwide operational experiences of DNSSEC that included a fancy google map overlay showing all TLD's deploying or testing DNSSEC. For those not convinced about the need for DNSSEC, he showed "15 ways of using the DNS to capture your clicks". Other speakers included Rohit Sethi and Nish Bhalla demonstrating their new Opensource Exploit-Me series of Firefox plugins to perform automated penetration testing, Johnny Long with a hilarious talk on Hacking Hollywood, and the mandatory presentations about wifi and bluetooth insecurities. No presentors were denied entry into Canada."
Security

+ - Spying on the TOR anonymisation network->

Submitted by
juct
juct writes "The long standing suspicion, that the anonymizing network TOR is (ab)used to catch sensitive data by Chinese, Russian and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another tor exit node has been caught doing MITM attacks using fake SSL certificates."
Link to Original Source
Security

+ - Apple Mail in Leopard vulnerable again->

Submitted by
juct
juct writes "In March 2006 Apple defused a security problem in Apple Mail that made it possible to inject disguised malignant code. In Leopard, the patch was apparently forgotten. This means that you can inadvertently start an executable by double-clicking a mail attachment that looks like a JPEG image file. This works with special attachmnets of the MIME type AppleDouble, that carry information which application should be used to open a file. In Tiger you got a warning about a program being opened, Leopard silently executes a shell script with Terminal.app. heise Security provides a demo, where you can check for yourself."
Link to Original Source
The Military

+ - Who will defeat Colossus?->

Submitted by
juct
juct writes "Starting this Thursday Radio amateurs and cryptologists are being challenged to decode encrypted radio messages generated by a Lorenz SZ42 cipher machine and sent using the original radio protocol from WWII. Those taking part in the cipher event will compete against a rebuild of the computer used to crack enciphered messages sent by the German high command 63 years ago. See: Who will defeat Colossus?"
Link to Original Source
Security

+ - Leopard firewall functionality and holes->

Submitted by
jmt(tm)
jmt(tm) writes "The uk version of German it news site heise runs a follow up of earlier stories on problems with the firewall in Apple's new version of OS X. They take a look at Apple's own documentation, now available at the Mac OS X 10.5: About the Application Firewall page. Their verdict is clear: "Alltogether this confirms the impression created by the initial functionality test. In its current version, this firewall cannot be recommended for practical use.""
Link to Original Source

After all is said and done, a hell of a lot more is said than done.

Working...