Submission + - Hacker Cracks Skype's Proprietary VoIP Protocol (techworld.com)

SnugglesTheBear writes: "A hacker claims to have cracked Skype's proprietary encryption protocols that protect the VoIP company's intellectual property.

The Luxembourg IP telephony company has zealously guarded its protocol, but a hacker going by the name of 'Sean O'Neil' claims that he's broken through the protection. On his blog, he praised Skype's protection and explained the difficulty involved in breaking it: 'For over 10 years, Skype enjoyed selling the world security by obscurity. We must admit, really good obscurity. I mean, really really good obscurity. So good that almost no one has been able to reverse engineer it out of the numerous Skype binaries. Those who could, didn't dare to publish their code, as it most certainly looked scarier than Frankenstein.'"

Though most sites were taken down almost immediately, there is still a cache of the original post.

Security

Submission + - What u talkin' bout, security?

notquitegary_coleman writes: With a parent company big enough to buy and rename the Sears Tower, and savvy enough to secure their own data using RSA keys... would you expect:

+ A project run by their recently-acquired IT subsidiary, for 80+ independent contractors in Western PA, run on laptops which have CD drives and USB ports accessible, while no anti-virus, anti-spyware, or biometrics/encryption are enabled? (The machines are LoJack'd for theft, and the contractors are having a check withheld until they return each machine, so it's clear that the priority is the return of the machines, NOT the security.) These machines have been used on other projects, and have been known to be the transmission route for viruses, as stated during training classes.

+ Project management distributed power-on, operating system, and web portal passwords to all 80 contractors... with all 3 levels of login for every contractor having the SAME 9-character password, not set to expire or encouraged/enabled to be changed, and including the name of the company who hired the contractors!

+ Sysadmins for the subsidiary attended training classes with the contractors, because they hadn't been able to test the system at all prior to project start.

+ No testing of the wireless guest access at 20+ client sites, or the backup wireless via a variety of 3G networks, was done prior to project start.

+ The data involved in the project should be protected under HIPAA, PCI and other compliance standards and practices. For 50,000+ clients. Doesn't sound like it is being protected at all.

+ The IT group responsible for the above doesn't return phone calls trying to alert them to the problems inherent in their scheme.

I wouldn't want to be the IT VP in charge of this baby.

Submission + - Fake IME Windows Trojan Acts as an Update (websense.com)

SnugglesTheBear writes: A new trojan has been spotted that acts as an antivirus update, then utilizes the Windows input method editor (IME) to inject a system. The IME is technology that normally creates a means for users to enter characters not supported by their input device, such as inputting Chinese characters etc. The fake IME file is really a DLL. The article details the steps the trojan takes.

Submission + - Brit Attempts Record Bittorrent Swarm Size (freakbits.com)

ktetch-pirate writes: Freakbits reports on an attempt to make the largest BitTorrent swarm ever. Records are made to be broken, or at least that's the philosophy one UK man is taking. He wants to break the record for the most seeders on a torrent. The current record, as far as Freakbits/TorrentFreak is aware, was set by an EZTV torrent and stands at around 124,000.
Databases

Submission + - How to Own a Database With SQL Injection (threatpost.com)

Trailrunner7 writes: Threatpost has a cool guest column that lays out the techniques that attackers are using to penetrate databases via the Web through SQL injection attacks. "SQL injection is the most common penetration technique employed by hackers to steal valuable information from corporate databases. Yet, as widespread as this method of attack is, a seemingly infinite number of 'sub-methods,' or variations of SQL Injection attacks, can be carried out against the database. One example would be the SYS.DBMS_PRVTAQIP package of a common Database Management System that contains procedures that are susceptible to SQL Injection and allows any user with EXECUTE privileges to execute commands under the elevated privileges of the SYS user.

Typically, when executed through a web front end, these attacks will not necessarily be caught by firewalls since they are using port 80, and are hidden as part of the regular POST data when submitting a web form."

Security

Submission + - IT folks snoop your protected data (networkworld.com)

coondoggie writes: In a survey of IT professionals published Wednesday, 67% of respondents admitted having accessed information that was not relevant to their role, and 41% admitted abusing administrative passwords to snoop on sensitive or confidential information.
IT

Submission + - 'Robin Sage' Duped Military, Security Pros (darkreading.com)

ancientribe writes: A social networking experiment of a phony female military security professional known as "Robin Sage" (named after a U.S. Army Special Forces training exercise) worked way too well, fooling even the most security-savvy professionals on LinkedIn, Facebook, and Twitter. It also led to the leakage of sensitive military information after an Army Ranger accepted "Robin's" friend request on Facebook and his photos from Afghanistan exposed geolocation information accessible to "Robin." The researcher who conducted the experiment will show off his findings at the upcoming Black Hat USA conference in Las Vegas, where the real woman pictured in the profiles is scheduled to introduce him for his presentation.
Science

Submission + - MIT geniuses show off latest inventions (silicon.com)

pinkgadget27 writes: The latest article in a great content package going behind the scenes at MIT's Media Lab to see what the researchers are getting up to. There are pictures of some great gadgetry, showing off everything from fluffy robots to cars that can fold up and drive sideways! There's also technology to help people with prosthetic limbs, and exoskeletons to try on for size!
Google

Submission + - The Security Weakness of App Stores (threatpost.com)

redsoxh8r writes: All the recent news about Google's ability to remove and install apps remotely on Android phones may be missing a larger point here: All of the app stores that these companies run have massive security issues. "Even if the apps were stored on a single Google server, they are still compiled and signed on other systems. Anywhere along that production chain, a compromise could lead to apps being trojaned and surreptitiously pushed to many Android phones," Nate Lawson, a cryptographer, said of the Android model. "Android does provide some security in its code signing model. The developer’s signature on the .apk is basically a JAR signature. The hash of the APK cert is used to determine if a new app can access the same data as the previous app since it determines which UID an app gets. However, this only protects data created by existing apps from being accessed by other apps that are not signed with the same key. It also doesn’t say anything about the legitimacy of the code since the developer signs it themselves, often with a self-signed cert."

That last point is part of a larger problem with the Android Market and other such mobile app stores: malicious, flawed or faulty applications can slip through the cracks. In the case of the Android Market, there is no approval process, a la the iTunes App Store, requiring developers to submit their code for approval before it's posted for download. Developers can simply submit their apps and they'll appear in the Market within a few minutes.

The Internet

Submission + - Dr. Demento: off the air, online (skunkpost.com)

crimeandpunishment writes: It's the end of an era in radio. A really funny, off-the-wall era. Dr. Demento is pulling the plug on his syndicated radio show, and will only be heard on the Internet. He's been a Sunday night fixture for nearly 40 years (making a star of "Weird Al" Yankovic and introducing offbeat classics like "Dead Puppies" and "There's a Fungus Among Us"), but he's down to fewer than a dozen radio stations... and says the Web will give him the freedom to play a wider selection of music, including songs too outrageous for radio stations which answer to the FCC.
Biotech

Submission + - Taking the "pseudo" out of "pseudogenes"

LeadFoot writes: Pseudogenes are generally considered to be vestigial, or the remains of once active genes. The DNA sequence of a pseudogene resembles that of a gene, but owing to any of several reasons such as early termination, mutations or the inability to transcribe, pseudogenes are lying about the genome's junkyard, accumulating rust and slowly being phased out of the genome. But a recent study shows that there is more to pseudogenes than just being archaeological genome dig markers, and actually they regulate the expression of their kin "real" genes. "Real" being in quotes, because suddenly, pseudogenes are "real" too: they are actually doing something, not just rusting away in the genome. Scientists show that some pseudogenes make RNA that acts as a tumor suppressor, or as a cancer-causing gene. The number of pseudogenes in a typical animal genome is equal to or sometimes exceeds that of regular genes. It may very well be that many of them are functional on the RNA level, offering a new perspective on what exactly is a gene, what is a pseudogene, and how they function and control in the cell.
Patents

Submission + - How Justice Stevens lost his majority (Bilski) (larrydownes.com)

An anonymous reader writes: A very detailed analysis of Monday's non-decision in the Supreme Court's business method and software patent case, that explains how retiring Justice John Paul Stevens had and then lost his last big chance to shape U.S. intellectual property law. Had he managed to hold on to his majority, U.S. business law would have been dramatically altered this week.

Submission + - Regular Domains Have More Malware Than Porn Sites (theregister.co.uk)

SnugglesTheBear writes: "New research pours scorn on the comforting but erroneous belief that Windows surfers who avoid smut and wares on the web are likely to avoid exposure to malware.

A study by free anti-virus firm Avast found 99 infected legitimate domains for every infected adult web site. In the UK, Avast found that more infected domains contained the word "London" (such as the blog section of http://kensington-london-hotels.co.uk/) than the word "sex". Among the domains labelled as infected by Avast was the smart phones section of the Vodafone UK website. The mobile phone operator's site contained a malicious JavaScript redirect script that attempted to take advantage of an unpatched Windows Help and Support Centre flaw (CVE-2010-1885) to infect the machines of visiting surfers."
