GV Menace » Hack In The Box

« Expand/Collapse

Hack In The Box (50 unread)

Skip to page: 1 2 3 ... 114

March 11, 2010
19:05
Inside the mind of a Russian hacker
» ‎ Hack In The Box (general)

Andrei is a young man with immense power at his fingertips. He's a reformed Russian hacker. Back hunched, eyes fixed on the computer screen in front of him, he demonstrates what he can do. "Look, here's the log-in and the password," he says, pulling up a Georgian government website. "This site has already been hacked, I'm just demonstrating the vulnerability. But it's easy if you know how." At just 20 years old, Andrei works for an information security firm. He says he does nothing illegal now, but he used to. "I started when I was 14. I hacked a series of military resources, the US army, some Russian departments. I wanted to examine how well protected they were."
19:00
The Oracle approach to application security
» ‎ Hack In The Box (general)

Until recently, security was an integral part of the application; business logic and security code were hardly discernible. Todayâs web-based applications demand much more agility to face changing customer needs, often leading to many application component modifications and redeployments. Typically, multi-tiered web applications are defined in âpatternsâ that isolate user interface from business logic and data storage. Application security is different at each tier involved in the overall process. For example, a user interface must provide a way to authenticate incoming requests, and application servers must access backend database systems securely. Companies understand the necessity of including security as part of the development process, but they face challenges in implementing security in the various layers of multi-tiered web applications.
19:00
Visa issues guidelines for data field encryption
» ‎ Hack In The Box (general)

Visa Europe, Europe's leading payment system, today launched the industry's first guidance for data field encryption solutions by providing the minimum security practices needed to help support Payment Card Industry Data Security Standard (DSS) compliance. The guidelines are based on best practices developed by Visa Europe that will help merchants and other stakeholders in the payments process to evaluate data field encryption solutions. These technologies can help secure card data when it is either being stored or moved and render it useless to fraudsters in the event of a data compromise.
19:00
Pirate Bay appeals looks set to start in September
» ‎ Hack In The Box (general)

The case against the four people involved in the running of Pirate Bay is heading back to court at the end of September. The appeals trial is tentatively scheduled to start on Sept 28., the Svea Court of Appeals said on Wednesday. It has been almost a year since Fredrik Neij, Gottfrid Svartholm Warg, Peter Sunde and Carl LundstrÃ¶m were found guilty of being accessories to crimes against copyright law, and each sentenced to one year in prison. The court also ordered them to pay around 30 million Swedish kronor ($4.2 million) in damages. All four subsequently appealed the verdict. Nine days have been scheduled for the trial, the last one being Oct. 15. The dates are preliminary, and can be changed if the defendants or the prosecution have any objections. On Thursday, Sunde's lawyer told the court that Sunde is unable to attend, according to Svea Court of Appeals judge Ulrika Ihrfelt.
19:00
Guide To Security In The Workplace
» ‎ Hack In The Box (general)

Data loss is a major concern for businesses of all sizes. High profile data breaches continue to grab headlines and organisations are feeling the heat of the intense media spotlight for losing confidential information about their company, employees, and clients. The Human Resources department is the gatekeeper of highly confidential employee data, and it needs appropriate measures in place, ensuring that the trust employees place in them to secure this information is well founded. Employees can also access the companyâs confidential data, and itâs vital that HR, working with IT, have the right tools and procedures to help staff avoid accidental disclosures. Few employees have malicious intent towards employers. Guarding against the few that do requires draconian levels of control, an approach which can stifle the trust within an organisation.
19:00
10 Reasons Why Security Problems Persist at Microsoft
» ‎ Hack In The Box (general)

As much as Microsoft would like security problems to just go away, they won't. The chances of Microsoft eliminating most of the software flaws that invite new attacks are slim to nil. But there are many things that Microsoft should do to improve the situation. We take a look at why security issues continue to haunt the software giant and what Microsoft can do about it. Microsoft sent out a patch March 9 for security holes in Office Excel and Windows Movie Maker. Recent reports also suggest that a zero-day vulnerability is currently being used to attack Internet Explorer 6 and 7, allowing malicious hackers to run remote code. The software giant said it's aware of problems affecting computers because of the IE flaw. But it's just another in a long line of vulnerabilities that have yet to be patched in IE, Windows and several other Microsoft products. Security has been an enormous issue for Microsoft throughout the years. As its software became more popular and as hackers became more sophisticated, Microsoft customers were being targeted at an astounding rate.
19:00
Code library gives homebrew iPod remotes chance for awesome
» ‎ Hack In The Box (general)

Not too long ago, David Finland built a device capable of communicating with just about any model of iPod via the dock connector using an Arduino Nano, PodGizmo breakout board, an old USB iPod connector, and a momentary switch. While it may not sound like a big deal, there is more to it than one might think: namely programming a device (in this case the Arduino Nano) to be able to receive, interpret, and respond to messages sent from an iPod. This means teaching it to speak Apple Accessory Protocol and, although proprietary in nature, it has been fairly well documented around the Internet. Finland slung some code so that his iPod touch was hooked up to one of the famous Staples Easy buttons in his car. Now he could easily play and pause his iPod touch without having to fiddle with the on-screen controls.
19:00
Pentagon trains workers to hack Defense computers
» ‎ Hack In The Box (general)

The Pentagon is training people to hack into its own computer networks. "To beat a hacker, you need to think like one," said Jay Bavisi, co-founder and president of the International Council of Electronic Commerce Consultants, or EC-Council. His company was chosen by the Pentagon to oversee training of Department of Defense employees who work in computer security-related jobs and certify them when the training is complete. The Department of Defense does not consider this hacking. "DoD personnel are not learning to hack. They are learning to defend the network against hackers," said spokesman Lt. Col. Eric Butterbaugh.
19:00
Nvidia Denies Bribing Game Developers for Implementation of PhysX
» ‎ Hack In The Box (general)

Nvidia Corp. has denied accusations of its arch-rival Advanced Micro Devices of providing cash to game developers for implementing GPU-accelerated processing of physics effects using PhysX middleware. While Nvidia admits that it can provide engineers or artists to help game developers to incorporate certain effects into titles, the company cannot influence their decision to utilize PhysX, but not other libraries or engines. âThere could be no deal under which we would cash somebody in for using PhysX,â said Ashutosh Rege, the worldwide director of developer technology at Nvidia
19:00
Balancing 'Advanced Security' With User Privacy
» ‎ Hack In The Box (general)

In what could be a portentous move, IBM Corp. (NYSE: IBM) recently launched the IBM Institute of Advanced Security. Whether it can succeed may depend on how well it can balance issues of security and privacy in dealing with the government sector. The organization, which will keep its headquarters in Washington, D.C., plans to use IBM's "research, services, software, and technology" to help governments and the private sector understand and, perhaps more importantly, limit the spread of cyberattacks across the Web. IBM said that its work with security stakeholders will be "collaborative" in nature. Rather than providing a service and keeping information close to the vest, IBM plans to allow both public and private organizations to tap into IBM's services to enhance their security infrastructures.
19:00
Celebrities caused 2009 Twitter crime wave
» ‎ Hack In The Box (general)

Criminals started targeting Twitter in earnest during a key period in early 2009, and security company Barracuda Labs has worked out why. During the same few weeks a key list of a-list celebrities joined the site. According to the company's analysis, the 'red carpet' era between November 2008 and April 2009 saw 48 out of the 100 currently most popular Twitter celebs start using the service, including such notables as Ashton Kutcher, Oprah Winfrey, Ashley Tisdale, Miley Cyrus, Paris Hilton and music group Coldplay. This in turn drove a huge surge in public interest, which spiked from 2 percent growth rates in November to a 21 percent growth rate by April, the service's 'tipping point' month.
19:00
Rootkit shows potential for hackers to wreak havoc on smartphones
» ‎ Hack In The Box (general)

Researchers at Rutgers University in the US have developed a proof-of-concept rootkit capable of compromising most aspects of a smartphone. They have shown how a software attack could cause a smartphone to eavesdrop on a meeting or track its owner's location. Unlike viruses, rootkits attack operating systems and can be detected only from outside a corrupted operating system with specialised tools. "We are showing that people with general computer proficiency can create rootkit malware for smartphones. The next step is to work on defences," said professor of computer science Liviu Iftode.
19:00
HSBC Breach of Customer Data 'Inexcusable'
» ‎ Hack In The Box (general)

The theft of 15,000 records of HSBC Swiss account holders is âinexcusable,â according to a security expert who provides consulting services to financial firms, and the bank should have taken steps to prevent the loss. âAs an HSBC customer, I'm appalled,â said Steve Markey, founder and principal of Philadelphia-based data security and privacy consulting firm nControl LLC whose clients include AIG, Haverford Trust and Printz Capital Management. âAs a security and privacy expert, controls should be in place.â According to Markey, up to 70 percent of all security breaches are a result of insider threats. Banks need to segregate duties so that only those employees who need to can access sensitive data, he said, and have data leakage and loss prevention technology in place.
19:00
Sacrificing Privacy for National Security
» ‎ Hack In The Box (general)

The 1983 terrorist attack in Beirut that killed 241 marines made the intelligence community's failings clear to then Deputy National Security Adviser John Poindexter. He launched a surveillance overhaul that, National Journal's Shane Harris writes, helped give rise to modern counterterrorism. In The Watchers: The Rise of America's Surveillance State, Harris traces U.S. counterterrorism since, highlighting the technological advances that allow agencies to collect more data now than ever. Harris, a two-time finalist for the Livingston Awards for Young Journalists who covers counterterrorism, intelligence, and homeland security, recently chatted with U.S. News about why more resources should be devoted to data analysis and how citizens' privacy may be compromised for the sake of national security.
19:00
Pennsylvania CISO out of a job following RSA Conference appearance
» ‎ Hack In The Box (general)

Bob Maley, Pennsylvania's CISO since 2005, is out of a job, days after he joined a group of other state IT security chiefs on an RSA Conference panel and reportedly offered candid remarks about a recent data breach. Gary Tuma, a spokesman for Gov. Endell, told SCMagazineUS.com on Thursday, that Maley was no longer employed by the state. He would not say whether he was fired. "Beyond that, it's a personnel issue and we don't discuss it," he said. Maley's final day in his $90,661-a-year post was Monday. A call placed to Maley's cell phone went directly to voicemail.
19:00
Foreign intelligence agencies hack into British companies
» ‎ Hack In The Box (general)

In evidence to a Parliamentary committee, The Centre for the Protection of National Infrastructure, a Government agency, said that Government-backed hackers from China and Russia were behind a large proportion of the operations. Their aim is to steal government, defence and technology information. Most large firms have been targeted and, in ''many cases'', the attacks have been successful. Islamist terrorists are also behind attacks via the internet. Although their efforts are more limited, they are on the increase. The scale of the attacks was disclosed in the annual report of the Intelligence and Security Committee (ISC).
19:00
Moshe Ben Abu publishes exploit code for new IE hole
» ‎ Hack In The Box (general)

An Israeli security researcher has published exploit code for an unpatched hole in Internet Explorer that Microsoft disclosed two days ago. Microsoft had warned in an advisory that a new vulnerability in IE 6 and IE 7, which could allow an attacker to take control of a computer, had been targeted in attacks. Releasing the exploit code publicly increases the chances of attacks on the zero-day hole and could pressure Microsoft to issue a patch before its next scheduled Patch Tuesday in four weeks. Researcher Moshe Ben Abu announced his work in a blog post on Wednesday and said it was being included in the open-source Metasploit exploit database.
19:00
iPhone 4.0 Bringing Multitasking
» ‎ Hack In The Box (general)

Apple this summer will go a long way towards silencing critics and catering to one of the most prevalent demands of its iPhone user base, when it introduces a multitasking solution through the handset's 4.0 software update that will finally allow several third party apps to run concurrently and in the background. People with a proven track record in predicting Apple's technological advances tell AppleInsider that the Cupertino-based company has developed a "full-on solution" to multitasking on the iPhone OS but offered no specifics on how the technology would optimize resource conservation and battery life -- two of the most critical issues surrounding the matter, alongside security. From a user-facing perspective, Apple plans to deliver a multi-tasking manager that leverages interface technology already bundled with its Mac OS X operating system, according to those same people. It was requested that specifics be withheld at this time, as the iPhone Software 4.0 remains under development and reportedly has a quite 'way to go' before it's ready for prime time.
19:00
Koobface Worm Doubles Its Number Of Command And Control Servers In 48 Hours
» ‎ Hack In The Box (general)

The shut down and recovery of the Troyak-as command and control center (C&C) for the active Zeus botnet was good news for the whole IT security community. But unfortunately, as some botnets struggle, others stay unaffected. As part of their relentless effort to stay ahead of cybercriminals, Kaspersky Lab's research and analysis team have recently monitored a surge in Koobface C&C servers, the highly prolific worm infesting social networking sites. Koobface targets sites such as Facebook and Twitter, and uses compromised legitimate websites as proxies for its main command and control (C&C) server. Definition of Command & Control Center: Command and Control centers are servers maintained by the owners of a botnet and used to enable the infected computers to "call back to their masters" and get updates and commands, such as downloading new or more malware, or stealing various computer files or personal information, such as banking accounts.
19:00
Mark Zuckerberg's 2004 Email Break-In Could Be A Felony
» ‎ Hack In The Box (general)

Mark Zuckerberg's hacking of email accounts and user profiles in 2004 could be felonies under Federal and state law, according to privacy lawyers. As we described last week, Mark used login data of early Facebook members to break in to the private email accounts of two Harvard Crimson editors. He also broke into the systems of competitor ConnectU and changed user profiles, also according to IMs. Mark now oversees private data of 400 million people as the CEO of Facebook. Questions have been raised about whether this 2004 behavior violated laws and whether users can trust the company to keep their information from being misused.
19:00
Smartphone apps need securing at the software development stages
» ‎ Hack In The Box (general)

Smartphones could very easily become spy phones, with hackers able to eavesdrop on your conversations, researchers at Rutgers University in the US have warned. The handsets could be hijacked using malware as they have now become as advanced as computers, say experts. Researchers at Rutger's University have developed a proof-of-concept rootkit that can be ported to multiple smartphone operating systems such as the Apple iPhone plus Google Android, and allows hackers to remotely turn on the GPS function, as well as remote-enable the phone's microphone. Rootkits â which has been around on PCs since the mid-1990s â are notable for masking their own existence on the computer, and can be installed via e-mails that trick users into opening attachments.
19:00
Security Industry Faces Attacks It Cannot Stop
» ‎ Hack In The Box (general)

At the RSA Conference in San Francisco last week, security vendors pitched their next-generation of security products, promising to protect customers from security threats in the cloud and on mobile devices. But what went largely unsaid was that the industry has failed to protect paying customers from some of today's most pernicious threats. The big news at the show had to do with the takedown of the Mairposa botnet -- a massive network of hacked computers that has infected half of the Fortune 100 companies. So-called advanced persistent threat (APT) attacks, such as the one that compromised Google systems in early December, were another hot topic. Both Mariposa and the Google attacks illustrate the same thing, however. Despite billions of dollars in security spending, it's still surprisingly hard to keep corporate networks safe.
March 10, 2010
20:26
8 weird but cool Android apps
» ‎ Hack In The Box (general)

So you told your boss that you bought your Android smartphone so that you could track your business calls, be more effective when traveling for your company, have easy access to Gmail and keep your organization's Twitter feed current. But we know what's really going on -- you got that smartphone because it was cool and because you wanted to play with all the apps. (And possibly because it wasn't Apple or AT&T.) Just for the heck of it, I've gathered eight free apps that are just plain fun to use. A couple of them are also actually useful; another two are sort of useful (if you stretch the point a bit); the last four are just there to play with.
20:22
Schneier: Fight for privacy or kiss it good-bye
» ‎ Hack In The Box (general)

If the public wants online privacy it had better fight now for laws to protect it because businesses won't and individuals don't have the clout, security expert Bruce Schneier told RSA Conference. The longer information-privacy policies go unset, the more likely it is that they never will be set, says Schneier, an author of books about security and CTO of security consultant BT Counterpane. As young people grow up with broad swaths of information about them in the public domain, they will lose any sense of privacy that older generations have. And they will have no appreciation that lack of privacy shifts power over their lives from themselves to businesses or governments that do control their information. Laws protecting digital data that is routinely gathered about people are needed, he says. "The only lever that works is the legal lever," he says. "How can we expect the younger generation to do this when they don't even know the problem?"
20:21
Soft skills lacking in candidate-rich market
» ‎ Hack In The Box (general)

Recruitment firm Kelly Services says demand for skilled and experienced IT professionals continues, despite recent economic conditions. Late last year, Kelly Services conducted a workplace survey in 12 countries, including New Zealand, polling senior IT decision makers across many industries. In the New Zealand survey, approximately 71 percent of respondents reported an increase or no change in demand for IT staff. This was little different from Kelly Services' previous survey, carried out in July 2008, when 80 percent of respondents described the effects of the then-IT skills shortage as moderate to severe.
20:20
Zeus Botnet Dealt a Blow as ISP Troyak Knocked out
» ‎ Hack In The Box (general)

Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines. Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning. The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercirme, and this was probably one of the easiest ways to do it."
20:19
Twitter Becomes More Proactive About Phishing
» ‎ Hack In The Box (general)

Twitter is finally being proactive about the large number of phishing scams that have plagued the micro-blogging service in the past year. On Wednesday, Twitter introduced its own anti-phishing service designed to protect its users from these types of attacks. The new security measures will focus on Twitter direct messages (DMs) -- private tweets addressed to a specific user -- and corresponding e-mail notifications. Twitter believes DMs are the primary source of Twitter-based phishing attacks, and has not yet announced any plans to extend the new service to regular Twitter messages. DMs will now be routed through Twitter's anti-phishing service to "detect, intercept, and prevent the spread of bad links," Del Harvey, director of Twitter's trust and safety team, wrote in a recent blog post. After Twitter has approved a link, it will be delivered to users via a new 'twit.tl' URL instead of bit.ly, tinyURL or other link-shortening services. Twitter also claims that if a bad link gets through to a user via e-mail, the company would still "be able to keep that user safe."
20:19
Google Street View to cover 96 per cent of UK roads from tomorrow
» ‎ Hack In The Box (general)

Google will make a further 210,000 miles of UK roads available for your perusal on Street View this Thursday, adding to the 28,000 miles that are currently shown. That means you'll be able to see about 96 per cent of this leafy land's approximately 246,985 miles of thoroughfares. Twenty-four perfectly respectable UK settlements, as well as Sc**thorpe, enjoyed the Street View treatment when it launched in Blighty in March last year. Now you'll be able to virtually visit cities and hamlets -- at least the ones where the Google Street View car hasn't been forced to beat a speedy retreat by a pitchfork-wielding posse -- from Cornwall to the Shetlands.
20:18
EFF knocks Apple's 'secret' restrictive developer agreement
» ‎ Hack In The Box (general)

The first rule of Apple's App Club is: You do not talk about App Club. Any developer who writes an app for the App Store is forbidden from making any public statements about the iPhone Developer Program Licensing Agreement. Second rule of App Club is: Said developers also can't sell their apps to other app stores, even if that app is eventually rejected by Apple. Third rule of App Club: You can't reverse engineer anything having to do with the App Store software development kit (SDK) or the iPhone OS. Fourth rule: Apple retains the right to remove your app from the App Store at any time, for any reason. (Hello, Hottest Girls app; goodbye, Hottest Girls app.) Fifth rule: If you're sued because of your app, or if Apple screws up the app to the point where you lose money and/or customers, Steve Jobs' company is liable for only a whopping US$50 in damages -- an Apple self-insurance deductible, as it were.
20:15
Douglas Duchak charged over bid to damage US security database
» ‎ Hack In The Box (general)

A Colorado man has been charged with trying to sabotage a U.S. security database that holds sensitive information used for screening air travelers, the Justice Department said on Wednesday. Douglas Duchak, 46, had worked at a Transportation Security Administration operations center for five years, updating its computers with data from the Terrorist Screening Database and the U.S. Marshal's Service Warrant Information Network. The TSA is primarily responsible for screening passengers at U.S. airports and uses information from intelligence and law enforcement agencies to prevent people who pose a threat from boarding commercial flights. The agency has come under new pressure to ramp up security in the wake of a failed plot in late December to blow up a U.S. commercial jetliner.
20:14
No-Fly List Includes the Dead
» ‎ Hack In The Box (general)

You may be dying, figuratively, to get off the governmentâs no-fly list, but death wonât guarantee removal. The governmentâs no-fly list includes the names of dead suspects to help catch people who may try to assume the suspectâs identity, according to government officials who spoke with The Associated Press. The no-fly list has been shrouded in mystery since it was first developed after the 9/11 attacks. How people get on the list or get off it has been a closely guarded secret, with only bits of information made public during congressional hearings. The AP has pieced together the broad steps it takes for someone to get on the list, and some of the changes the list has undergone since it was created nine years ago.
20:08
New Gestures coming to iPhone/iPad: Triple tap and long press
» ‎ Hack In The Box (general)

On the surface, the latest iPhone 3.2 Beta 4 SDK didn't have much new information. Diving a little deeper however, we find some very exciting news. In the gestures folder, you'll see two new types of commands (3Tap.plist and LongPress.plist) that are certainly not implemented in the current 3.1 iPhone SDK. Apple is likely allowing developers to use these capabilities in the next versions of the OS. We might even see these in the shipping version of the iPad.
20:07
No Trace: How to Completely Erase Your Hard Drives, SSDs and USB Drives
» ‎ Hack In The Box (general)

With stories abounding of identity theft aided by information lifted from discarded storage devices, you want devices you no longer plan to use to have no usable information when they head out the door. Here's how to wipe them clean. Sure, you could erase the contents of the drive, but keep this in mind: the act of erasing a file does not remove it from a storage device. When you erase/delete a file from your computer, it's not really gone until the areas of the disk it used are overwritten by new information. If you use the normal Windows delete function, the "deleted" file is sent to the Recycle Bin until the space it uses is required by other files. If you use Shift-Delete to bypass the Recycle Bin, the space occupied by the file is marked as available for other files. However, the file could be recovered days or even weeks later with third-party data recovery software. As long as the operating system does not reuse the space occupied by a file with another file, the "deleted" file can be recovered.
20:06
How deep can Intel get inside the smart grid?
» ‎ Hack In The Box (general)

I think a lot about which companies that Iâve been covering for zillions of years will be around 10 years from now, as the Internet moves into its next phase of innovation around things like machine to machine communications, which is sort of personified in the smart grid. If you think Microsoft and IBM and Hewlett-Packard are invincible, pause a moment to memorialize Digital Equipment Corp. Clearly, many of the legacy IT companies â IBM, Microsoft, SAP, Oracle, to name a few â are all over the whole intelligent utility market like a bad suit. But what about that other kingpin of the personal computing movement, Intel, the company of the famous âInsideâ motto. Clearly, the company hopes to be deep inside the smart grid.
20:05
ARM Expects 50 Tablet Devices to Hit the Market This Year
» ‎ Hack In The Box (general)

ARM, a leading developer of microprocessor technologies for portable and consumer electronics, said at a press conference on Wednesday that this year around 50 tablet PC devices akin to Apple iPad released worldwide. While analysts agree that there may be a lot of slate-type PCs launched, far not all will become successful. âThe first tablet devices will launch in the second quarter by [mobile network] carriers. You will see a lot more in the third quarter,â said Roy Chen, ARM's worldwide mobile computing ODM manager, during a press meeting in Taipei, reports IDG News Services. There are so many tablet PCs incoming that ARM even had to book the additional space at Computex Taipei trade-show to demonstrate all the products, many of which will be launched by small companies that can hardly efficiently advertise their devices and do not have an established brand among consumers.
19:59
Sunâs open source chief leaves after Oracle merger
» ‎ Hack In The Box (general)

Sun's chief open source officer, Simon Phipps, has left the company following its acquisition by Oracle, the executive announced in his blog Tuesday. "Today is my last day of employment at Sun (well, it became Oracle on March 1st in the UK but you know what I mean)," Phipps wrote. "I am a few months short of my 10th anniversary there (I joined at JavaOne in 2000) and my 5th anniversary as Chief Open Source Officer." With the acquisition of Sun, Oracle is poised to become what some analysts think is the industry's most powerful open source vendor. But it will chart a new path in open source without Phipps. Phipps looks back fondly at successes at Sun, but admits some regrets for goals left unaccomplished. Phipps wrote that he and his colleagues "achieved some amazing things" such as changing Sun's attitude toward open source, kick-starting the "corporate blogging revolution" with Blogs.Sun.com, and releasing software such as Java under free licenses.
19:58
Turkish police detain 23 PKK hackers in 13 provinces
» ‎ Hack In The Box (general)

Police have detained 23 suspects in operations in 13 provinces, charging them with membership in a terror organization and attacking public institutionsâ Web sites, the daily Radikal reported Wednesday. The suspects, allegedly members of the outlawed Kurdistan Workersâ Party, or PKK, were taken to Diyarbak?r for questioning. The investigation of this case was still continuing when the Daily News went to print. A hacker team for the outlawed organization was captured previously, but the members reorganized and attacked roughly 300 Web sites belonging to public institutions.
19:57
Reader exploit prompts Adobe update alert
» ‎ Hack In The Box (general)

Users of Adobe PDF Reader should check they are running the latest version of the software after the discovery of an exploit that takes advantage of a serious flaw patched only three weeks ago. According to Microsoft's Threat Research and Response blog, its researchers have discovered a circulating PDF-based attack that hooks into the publicised flaw, CVE-2010-0188, to download a Trojan backdoor capable of taking control of the affected system. The warning relates mainly to Adobe Acrobat and Reader up to 9.3.0 for Windows, Apple and Unix. older versions of Acrobat and Reader, 8.2.0 (used by anyone unable to update to 9.3.x), are also affected on Windows and Apple and should be patched to 8.2.1.
19:56
Android native development kit updated
» ‎ Hack In The Box (general)

Developers of the Google-backed Android mobile application platform have released revision 3 of Android NDK (Native Development Kit), which complements Android SDK by enabling developers to build performance-critical portions of an application in native code. Release of NDK r3 was noted in a posting on the Android Developer Blog on Monday. Version 3 includes OpenGL ES (Open Graphics Library for Embedded Systems) 2.0 native library support. Also featured is a sample application making use of OpenGL ES 2.0 vertex and fragment shaders. "[OpenGL ES 2.0] brings the ability to control graphics rendering through vertex and fragment shader programs using the GLSL shading language," said David Turner, a member of the Google technical staff, in the Android Developer Blog.
19:52
Four over-rated security technologies
» ‎ Hack In The Box (general)

The security community has grown to depend on some basic technologies in the fight against cyber thieves, such as antivirus software and firewalls. But are practitioners clinging to tools that outlived their usefulness long ago? Were those tools ever really useful to begin with? CSOonline.com recently conducted an unscientific survey on the matter, asking those questions to a variety of security forums on LinkedIn and following it up with e-mails and phone conversations. What follows are four technologies several cited as overrated in today's security fight. We'll follow up next week with security technologies many believe are underrated. It's safe to predict that some of the technologies on this list will also appear there.
19:51
The top 10 geek anthems of all time
» ‎ Hack In The Box (general)

Geeks rock. When Buddy Holly jerked onstage as a bespectacled counterpoint to the pelvis-swiveling cool of Elvis, it carved out a spot in rock and pop music for the kids more inclined to admire Stephen Hawking than Steven Tyler or Bill Gates than Billy Idol. The South by Southwest Interactive conference kicks off Friday in Austin, Texas, offering up as pure a convergence of geek and rock sensibilities as you're apt to find. Started in 1987 to showcase Austin's burgeoning alt-rock scene, South by Southwest added interactive and film gatherings in 1994.
19:50
LED lights may be the future of broadband
» ‎ Hack In The Box (general)

German scientists say they've created a data connection that uses light produced by lamps to encode a wireless broadband signal. The researchers, led by Jelena Vucic of the Fraunhofer Institute for Telecommunications at the Heinrich-Hertz-Institute in Berlin, say getting a broadband connection might be as simple as turning on a lamp. Currently, most wireless connections are achieved through a radio-frequency WiFi connection. But the scientists say WiFi has limited bandwidth, and it's unclear where to find more in the already-crowded radio spectrum. By contrast, they say visible-frequency wireless has all the bandwidth one could want.
19:49
Our Apps Are Vulnerable -- And Constantly Attacked
» ‎ Hack In The Box (general)

If you worry that your organization's applications are vulnerable to attack, then you're not alone, according to study results released yesterday. In a survey at the RSA Conference 2010 in San Francisco last week, researchers from security vendor Fortify found that most security pros are stressed about potential attacks on their apps. In fact, 73 percent of respondents thought the applications in their companies had vulnerabilities that hackers could exploit. In fact, most agreed it would be "ignorant" to say they didn't. Twenty-six percent said they either did not know the answer or did not want to disclose the information.
19:49
'Jihad Jane' Exposes Web's Dark Side
» ‎ Hack In The Box (general)

News flash: Terrorists are using the Internet to communicate and recruit fresh blood to their ranks. OK, not exactly news, and certainly not a revelation to anyone who frequents this site. Hard to believe it's been almost a year since Shannen Rossmiller outlined her own online jihadi-hunting ventures on IE Radio, and talked about the dark side of the global phenomenon that is the Internet. Women and terrorism are back in the headlines again this week, but on the opposite side from where Rossmiller sits. Colleen "Jihad Jane" LaRose was formally charged this week with agreeing to carry out murder overseas and providing material support to terrorists and using email, YouTube videos, and phony documents to get the job done.
19:48
New Zealand's internet filter goes live
» ‎ Hack In The Box (general)

The Department of Internal Affairs' (DIA) internet filter is now operational and is being used by internet providers (ISPs) Maxnet and Watchdog. Thomas Beagle, spokesperson for online freedom lobby Tech Liberty says he's "very disappointed that the filter is now running, it's a sad day for the New Zealand internet". He told Computerworld the filter went live on February 1 but DIA has delayed announcing that until it held a meeting with its Independent Reference Group. He says he's disappointed the launch was conducted in such a "stealthy mode". The manager of the Department of Internal Affairs' Censorship Compliance Unit, Steve O'Brien, denies any subterfuge in the launch, saying the trial has been going on for two years and that has been communicated to media for "quite some time".
19:47
12% of employees knowingly violate company IT policies
» ‎ Hack In The Box (general)

By now, it's practically a mantra that the biggest problem with corporate IT security is the employees themselves. However, we usually assume that's due to ignorant users or poorly enforced policies. Not so for a chunk of the US working populationâaccording to a survey conducted by Harris Interactive, 12 percent admitted to knowingly violating IT policy in order to get work done. The survey of 1,347 employed adults was conducted on behalf of Fiberlink, a company that hawks services that "help enterprises connect, control and secure laptops and mobile devices." Needless to say, the survey results fit perfectly into the company's agenda, but they are hardly surprising. After all, how many of us know someone who has left a work laptop in an unattended vehicle, sent unencrypted e-mails without permission, or reused the same three passwords over and over instead of choosing new ones every 90 days?
19:46
F-Secure: Hackers love to exploit PDF bugs
» ‎ Hack In The Box (general)

Hackers adore Adobe Reader, and have pushed it into first place as the software most often exploited in targeted attacks, a Finnish security company said today. Helsinki-based F-Secure also urged users to update to the newest version of Reader to protect themselves against new attacks taking advantage of a vulnerability patched just three weeks ago. According to F-Secure, 61% of the nearly 900 targeted attacks it's tracked in the first two months of 2010 exploited a vulnerability in Reader, Adobe's popular PDF viewer. By comparison, Microsoft's Word was exploited in just 24% of the attacks, and bugs in its Excel spreadsheet and PowerPoint presentation maker were leveraged only a combined 14% of the time.
March 09, 2010
19:28
Building a Linux Incident Response / Forensic Disk
» ‎ Hack In The Box (general)

There are many Linux distributions readily available. This however should not stop you creating your own version of a UNIX forensic tools disc. Whether you are on Solaris, HP-UX or any other variety of UNIX it is simple to create a forensic tools CD that can go between systems. The added benefit of this method is that the tools do not need to be left on the production server. This in itself could be a security risk and the ability to unmount the CD and take it with you increases security. The ability to create a customized CD for your individual system means that the analyst can have their tools available for any UNIX system that they need to work with. It may also be possible to create a universal forensic CD. Using statically linked binaries, a single DVD or CD could be created with separate directories for every UNIX variety in use in the organization that you are working on. For instance, the same CD could contain a directory called â/Solarisâ which would act as the base directory for all Solaris tools. Similarly, base directories for Linux (/Linux), HP-UX (/HPUX10, /HPUX9) and any other variety of UNIX in use in your organization could be included on the same distribution allowing you to take one disk with you but leaving you ready at all times.
19:27
UK still lousy on electronic nosiness
» ‎ Hack In The Box (general)

A new report highlights a depressingly consistent drift towards ever greater control of the population using new technologies. There are few surprises in the 2010 report, entitled The Electronic Police State, issued yesterday. It shows Russia and the United States within a couple of points of each other when it comes to electronic policing and surveillance, North Korea just overtaking China to gain top prize, and the United Kingdom leading the rest of the West â after the US. The report's authors at CryptoHippie do, of course, have a product to shift. It is a US-based company providing what it describes as "superior privacy enhancing technologies". However, it has also been putting a regular toe in the water to test the degree of electronic surveillance going on worldwide, and while it may not be the most unbiased of observers, it is at least producing a consistent data stream that allows the rest of us to debate the issues and monitor trends.
19:27
Five Best VPN Tools
» ‎ Hack In The Box (general)

VPN software brings the security of a private network to an insecure network, and allows you to access private local networks from anywhere. As we've explained in the past, you can do things between computers on your local network you can't from out on the internet: like listen to a shared iTunes library or access files in shared folders. Virtual private network applications give you access to your computer from anywhere on the internet as if you were home on your local network. Earlier this week we asked you to share your favorite software for establishing and maintaining virtual private networks. We rounded up the votes, and now we're back with the five most popular VPN applications. If you're new to the idea of virtual private networks, you can read up on the technical nitty-gritty at the Wikipedia entry for VPNs. Note: This Hive Five contains both VPN server applications (the apps that create virtual private networks on your local network so it's accessible from the outside world) and VPN client applications (the apps that connect to virtual private networks from the outside world). In many instances companies produce VPN servers, VPN clients, VPN servers with accompanying clients, or VPN clients that are designed to work with a variety of servers.

Skip to page: 1 2 3 ... 114

← Free Kareem! Mideast Youth - Thinking Ahead →

GV Menace » Hack In The Box

Feeds

Hack In The Box (50 unread)