
Submission + - Stealing Windows Credentials Using Google Chrome (helpnetsecurity.com)

Orome1 writes: A default setting in Google Chrome, which allows it to download files that it deems safe without prompting the user for a download location, can be exploited by attackers to mount a Windows credential theft attack using specially crafted SCF shortcut files, DefenseCode researchers have found. What’s more, for the attack to work, the victim does not even have to run the automatically downloaded file. Simply opening the download directory in Windows File Explorer will trigger the code icon file location inserted in the file to run, and it will send the victim’s username, domain and NTLMv2 password hash to a remote SMB server operated by the attackers.
Security

Submission + - RDP proof of concept triggers blue screen of death (scmagazine.com.au)

mask.of.sanity writes: A working proof of concept has been developed for a dangerous vulnerability in Microsoft's Remote Desktop Protocol (RDP). The hole stands out because many organisations use RDP to work from home or access cloud computing services.

Only days after a patch was released, a working proof of concept has emerged. Chinese researchers were the first to reveal it and security professionals have found it causes a blue screen of death in Microsoft XP and Windows Server 2003 machines.

Many organisations won't apply the patch and many suspect researchers are only days away from weaponising the code.

Programming

Submission + - Why New Programming Languages Succeed Or Fail (infoworld.com)

snydeq writes: "Fatal Exception's Neil McAllister discusses the proliferation of programming languages and what separates the successful ones from obscurity. 'Some people say we don't need any more programming languages at all. I disagree. But it seems clear that the mainstream won't accept just any language. To be successful, a new language has to be both familiar and innovative — and it shouldn't try to bite off more than it can chew. ... At least part of the formula for success seems to be pure luck, like a band getting its big break. But it also seems much easier for a language to shoot itself in the foot than to skyrocket to stardom.'"
Privacy

Submission + - IT Pros Can't Resist Peeking at Info (net-security.org)

Orome1 writes: IT security staff will be some of the most informed people at the office Christmas party this year. A full 26 per cent of them admit to using their privileged log in rights to look at confidential information they should not have had access to in the first place. It has proved just too tempting, and maybe just human nature, for them to rifle through redundancy lists, payroll information and other sensitive data including, for example, other people’s Christmas bonus details.
Apple

Submission + - How the iPad 2 Became My Favorite Computer (technologizer.com)

harrymcc writes: "Three months ago, I started using an iPad 2 (with a Zagg keyboard) as my primary computing device--the one I blog on, write articles for TIME magazine on, and use to prepare photos and other illustrations that go with my writing. I now use it about 80 percent of the time; my trusty MacBook Air has become a secondary machine. Over at Technologizer, I shared some thoughts about the experience."
Security

Submission + - Analysis of 250,000 Hacker Conversations (net-security.org)

Orome1 writes: Imperva released a report analyzing the content and activities of an online hacker forum with nearly 220,000 registered members, although many are dormant. The forum is used by hackers for training, communications, collaboration, recruitment, commerce and even social interaction. Commercially, this forum serves as a marketplace for selling of stolen data and attack software. The chat rooms are filled with technical subjects ranging from advice on attack planning to solicitations for help with specific campaigns. The forum is also a place where curious neophytes can find “how-to-hack” tutorials on various methods.
Science

Submission + - 3 share Nobel Prize in Medicine for immune system wo (nobelprize.org)

alphadogg writes: This year's Nobel Laureates have revolutionized our understanding of the immune system by discovering key principles for its activation.

Scientists have long been searching for the gatekeepers of the immune response by which man and other animals defend themselves against attack by bacteria and other microorganisms. Bruce Beutler and Jules Hoffmann discovered receptor proteins that can recognize such microorganisms and activate innate immunity, the first step in the body's immune response. Ralph Steinman discovered the dendritic cells of the immune system and their unique capacity to activate and regulate adaptive immunity, the later stage of the immune response during which microorganisms are cleared from the body.

Software

Submission + - Smartphones: the new home of crapware (pcpro.co.uk)

Barence writes: "Smartphones are replacing PCs as the new breeding ground for pre-installed crapware, argues PC Pro's Mike Jennings. The Sony Ericsson Xperia Mini Pro, for example, comes pre-loaded with McAfee security software and other associated apps, four different app stores, and a selection of games and other media management tools. "And it’s not like you can just get rid of this software, either — most of it’s there to stay, with hard-coded blocks in place to ensure you don’t uninstall any of the tat you don’t want," PC Pro adds."
Google

Submission + - Is Google+ a cathedral or bazaar social network? (theconversation.edu.au)

An anonymous reader writes: With its recent mass suspension of accounts, Google has highlighted its desire to create a social network that is very different to the way many (including those whose accounts were suspended) would want to see it. The metaphor of the Cathedral and the Bazaar used for software development can be applied to the 2 types of social networks being proposed by Google on the one hand and the pseudonym supporters on the other. Google's Cathedral model emphasises order and control whilst the bazaar model supports users who can be anonymous, have multiple identities, interact with anyone they please, and remain unobserved.
Crime

Submission + - The Notable Decline of Identity Fraud (net-security.org)

Orome1 writes: In 2010 the number of identity fraud victims decreased by 28 percent to 8.1 million adults in the United States, three million fewer victims than the prior year. Total annual fraud decreased from $56 billion to $37 billion, the smallest amount in the eight years of the study. While overall fraud declined, consumer out-of-pocket costs rose significantly, mainly due to the types of fraud that were successfully perpetrated and an increase in “friendly fraud.” The number of identity fraud incidents decreased by 28 percent over the past year, which brought them down to levels not seen since 2007. The mean fraud amount per victim declined from $4,991 in 2009 to $4,607.
Security

Submission + - Amazon EC2 Enables Cheap Brute-Force Attacks (infoworld.com)

snydeq writes: "German white-hat hacker Thomas Roth claims he can crack WPA-PSK-protected networks in six minutes using Amazon EC2 compute power — an attack that would cost him $1.68. The key? Amazon's new cluster GPU instances. 'GPUs are (depending on the algorithm and the implementation) some hundred times faster compared to standard quad-core CPUs when it comes to brute forcing SHA-1 and MD,' Roth explained. GPU-assisted servers were previously available only in supercomputers and not to the public at large, according to Roth; that's changed with EC2. Among the questions Roth's research raises is, what role should Amazon and other public-cloud service providers play in preventing customers from using their services to commit crimes?"
