GV Menace » Hack In The Box

« Expand/Collapse

Hack In The Box (48 unread)

March 18, 2010
20:02
When Security Fails, Who Are You Going to Fire?
» ‎ Hack In The Box (general)

Two recent unrelated news stories struck me as indicative of a fundamental problem with IT security: We seem to favor looking at symptoms over finding the root cause of problems. The first story was nearly comical for the effort that was expended to pin blame. Back in December, the Conficker virus infected 3,000 computers on the network of the Waikato District Health Board , which encompasses all of the hospitals in a district that accounts for 10% of New Zealand's population. Officials claimed that emergency operations were not affected, but the district hospitals requested that only true emergencies be referred to them. Certainly, it is critical that steps be taken to assure that nothing like this ever happens again. I just don't agree that an effective response would include a three-month investigation into the incident . The report came in this month, and, believe it or not, they say they found the source of the infection. According to the report, someone plugged an infected USB drive into a computer in a parking garage tollbooth, bringing multiple hospitals to a near standstill for three days.
20:02
Be prepared for the year of mobile malware
» ‎ Hack In The Box (general)

The number of types of attack on mobile devices may not be growing, but circumstances are conspiring to create a genuine threat, says Rik Ferguson. The rise in threats to mobile devices is definitely real, although still a long way from reaching epidemic proportions. The real message for the coming months is about preparedness. There were a limited number of new threats in 2009, but a significant increase in their complexity and criminal intent. Signs are that consumer acceptance of mobile phone-based financial activity is now mainstream, with handset banking applications even being advertised on primetime television.
20:01
Two Madoff computer admins indicted
» ‎ Hack In The Box (general)

Two former computer administrators who worked for convicted financial fraudster Bernard Madoff's investment firm were indicted this week on charges of conspiracy and falsifying financial records. Jerome O'Hara, 47, of Malverne, N.Y., and George Perez , 44, of East Brunswick, N.J., each face a maximum of 30 years in prison if convicted on all charges. A statement released yesterday by the U.S. Attorney's office for the Southern District of New York said the two men started working for Bernard L. Madoff Investment Securities, LLC (BLMIS) in the early 1990s. Both O'Hara and Perez were responsible for maintaining computer programs that supported Madoff's investment advisory business.
20:00
Why Apple should buy Adobe
» ‎ Hack In The Box (general)

Quick - which Silicon Valley icon creates the computers that creative professionals love? And what SV company creates the software that creative professionals crave? Right: Apple and Adobe. So why are they 2 separate companies? Thereâs no good reason, especially now that Adobeâs management canât figure out how to grow the company. Apple, with over $30 billion in cash, could buy Adobe outright, whose market cap is about $18 billion. A cash and stock offer would also make Adobe shareholders happy. Apple prefers small, bite size acquisitions. But Apple is a big company: their market cap is 10x Adobeâs. Integration wouldnât be hard: the 2 companyâs headquarters are a 15 minute drive down I-280. Steve could oversee both. A quicker drive than to Pixar up in E-ville.
20:00
RSA Reveals Zeus Trojan Cyber-Crime Infrastructure
» ‎ Hack In The Box (general)

Researchers in EMCâs RSA security division have uncovered an extensive infrastructure propping up the attackers behind the Zeus Trojan. The findings reflect part of the reason the disruption of Troyak-AS on 9 March only caused Zeus traffic to slow, as opposed to stopping it in its tracks. Troyak is just one part of a larger cyber-crime infrastructure helping to provide âbulletproofâ hosting to attackers. âIn light of our findings, AS-Troyak appears to be a piece in an intricate puzzle of networks that are used for malicious purposes,â RSA said yesterday. âWe suspect that the purpose of these networks is to connect an armada of eight malicious, bulletproof malware-hosting facilities to the internet, assuring their constant online presence.â
20:00
Fake MacBook Air, 'big IPhone' Tablet on Show in China
» ‎ Hack In The Box (general)

A knock-off MacBook Air running Windows, a tablet computer shaped like a big iPhone and another tablet meant to rival Apple's iPad were all among the devices shown off by a small Chinese gadget maker on Thursday. Teso, a gadget design outfit in the freewheeling southern Chinese city of Shenzhen, has already sold its MacBook Air look-alike for more than a year and is preparing for sales of its tablets, said a company official surnamed Wu. The tablet shaped like an iPhone uses the hit Apple phone as a model for details down to the curves on its black rear shell and the single circular button below its screen. But it uses an Intel Atom microprocessor and its screen measures 10 inches, similar to the 9.7-inch screen on Apple's upcoming iPad.
20:00
Enterprises Adopting Cloud Faster Than Traditional IT
» ‎ Hack In The Box (general)

Cloud computing, a method of delivering resources such as applications through the internet is still not universal, but it is gradually gaining momentum. Rob Lovell, chief executive at ThinkGrid, has claimed that the growing awareness of how this technology works is leading more companies to roll out applications based on this model. Mr. Lovell suggested that key ways of increasing interest are by ensuring it is not built up as an intimidating project, that it is not allowed to become disruptive and is easy to understand, Broadband Choice states. He said: "People will flock to get it because it offers so many more benefits than having your computers and your net servers in your office."
20:00
The top 6 enterprise issues for Windows Phone 7
» ‎ Hack In The Box (general)

Sometime in the next few weeks, Microsoft will reveal features, services and shortcomings for Windows Phone 7 in the enterprise. It will be one of those good news/bad news moments for corporate IT departments. So far, Microsoft's mobile platform executives have hammered at the consumer focus for the radically redesigned Windows Phone operating system. At this week's MIX10 Web developer conference, where details of the Windows Phone platform and development tools were unveiled, executives sidestepped, minimized or deflected nearly every question about how and how well the operating system will play in business mobility. "Not all the enterprise elements are being disclosed here," says Todd Brix, senior director, product management, for Microsoft's mobile communications business. "More will be coming up later in the spring."
20:00
Judge Approves $9.5 Million Facebook âBeaconâ Accord
» ‎ Hack In The Box (general)

A federal judge on Wednesday approved a $9.5 million settlement to a class action lawsuit challenging Facebookâs program that monitored and published what users of the social networking site were buying or renting from Blockbuster, Overstock and other locations. The case concerned allegations Facebookâs now defunct âBeaconâ program breached federal wiretap and video-rental privacy laws. Terms of the settlement, in which Facebook denied any wrongdoing, require the site to finance what the deal calls a âDigital Trust Fundâ that would issue more than $6 million in grants to organizations to study online privacy.
20:00
Apple has pre-sold "hundreds of thousands" of iPads
» ‎ Hack In The Box (general)

Apple is on pace to potentially sell more iPads in its first three months than it sold iPhones in the three months after the touch-screen handset made its debut back in 2007, people familiar with the company's running sales totals say. Since going on sale for pre-order last Friday morning, customers have purchased "hundreds of thousands of the device," those same people told The Wall Street Journal. By comparison, Apple sold roughly 1.2 million iPhones in the three months following its June 29, 2007 launch. Meanwhile, the newspaper claims that Apple is 'racing' to tie up a broad number of content licensing deals before the iPad officially hits the market in under three weeks. In particular, the company is trying to convince television networks to drop the price of TV shows that users would downloaded directly to the device.
20:00
20 Cell Phones That Leak the Most Radiation
» ‎ Hack In The Box (general)

Way back in 2000, I introduced CNET's Cell Phone Radiation Chart, which let readers know how their particular model rated in terms of SAR or specific absorption rate levels, measured by the FCC as part of its cell phone certification process. Today, the list is maintained by our intrepid mobile editors--Kent German, Bonnie Cha, and Nicole Lee--but in honor of the list's 10-year anniversary, we're giving it a little color and displaying the whole thing in pictures. As we note in our intro to the list, for a phone to pass FCC certification and be sold in the United States, its maximum SAR level must be less than 1.6 watts per kilogram. In Europe, the level is capped at 2 watts per kilogram, whereas Canada allows a maximum of 1.6 watts per kilogram. The SAR level listed in our charts represents the highest SAR level measured with the phone next to the ear as tested by the FCC. It's possible for the SAR level to vary between different transmission bands (the same phone can use multiple bands during a call), and different testing bodies can obtain different results.
20:00
Data Breaches Are Heaviest at Hotels
» ‎ Hack In The Box (general)

Hackers are now stealing credit-card data from hotels more often than any other industry, according to data-security companies. In a recent report, SpiderLabs, a unit of data-security firm Trustwave, said 38% of its data-breach investigations in 2009 occurred at hotels. Financial services accounted for 19% of the company's data-breach investigations. Once an attack occurred, it took an average of 156 days for the business to realize it, according to the report. The problem has continued into 2010, says Nicholas Percoco, senior vice president of Trustwave and head of SpiderLabs. Verizon Business, another data-security firm, noticed a similar increase in attacks on hotels starting around last April, says Dave Ostertag, manager of investigative response at Verizon Business, a unit of Verizon Communication Inc.
20:00
$45,582 telephone bill traced back to Somalia
» ‎ Hack In The Box (general)

It only took 12 hours for a hacker to run up $45,582 in telephone charges for a local furniture company. More than 10,000 minutes of phone calls were made from the phones at Sherrill Furniture on Highland Ave. NE from 9 p.m. on Friday, March 5 to 9 a.m. the following day. The company reported the security breach to police Tuesday and the preliminary investigation revealed that the phone calls originated in Somalia. Investigators know that calls were made to Austria, Bulgaria, France, Korea, and the Philippines. "We're not sure why the calls were made," said Capt. Thurman Whisnant of the Hickory Police Department.
20:00
French rail service SNCF closes web security hole
» ‎ Hack In The Box (general)

A WEB security loophole allowing hackers to access the personal details of thousands of rail passengers has been closed after it was uncovered by a newspaper. The SNCF has been aware of the flaw since June 2008, according to Le Canard EnchainÃ©, which received a leaked internal memo from then warning of a "possible misuse of customer data". A hacker showed how easy it was to access the name, address, telephone number and date of birth of customers registered on www.voyages-sncf.com - all that was needed was one person's railcard number. The Canard says this data is very valuable - fetching between â¬8 and â¬20 per person when sold on to other companies for marketing purposes.
20:00
If The Hat Is Blackâ¦
» ‎ Hack In The Box (general)

Much of cybersecurity is based on thinking like criminals. Security consultants, pen testers and software experts make our computers safer based on their expectations of what a hacker will do. One security expert, Robert Hansen, CEO of SecTheory, is bridging the gap between the blackhat and the professionals. Hansen has been spending months delving into the world of the blackhat. Gaining their trust, he has been able to have candid conversations about hacking and security with the experts. He then blogs insights gained from these conversations. Hansen is trying to better understand the tactics, mindsets and motivations of a cyber hacker. In a recent post, Hansen says that most hackers do acknowledge that security features are doing well to make cyber crime harder.
20:00
High-tech copy machines a gold mine for data thieves
» ‎ Hack In The Box (general)

Want to know what expenses your boss claimed last month? How much your colleague makes? What the co-worker down the hall is really working on? Forget about hacking their computers â you might want to hit the nearest photocopier instead. Turns out the newfangled, multi-purpose copy machines in your office keep a wealth of copied data on a hard drive that anyone can hack. In the age of everything digital, the photocopier is probably the one workplace item you never thought to worry about. It's just making a copy of a document, right? How risky could that be? Very risky, as it turns out. You might want to press cancel on the copy machine right about now.
20:00
Faux Facebook emails use password reset ploy
» ‎ Hack In The Box (general)

A widespread phishing campaign is making the rounds that claims to be from Facebook but is meant to infect victims' PCs, researchers said. The fraudulent emails arrive with a note stating that the recipient's Facebook password was changed and they can find the new one in an attached ZIP file, said Dave Marcus, security research and communications manager at McAfee Avert Labs, in a blog post. The malicious attachment actually contains an assortment of malware, depending on the message, including trojans and rogue anti-virus programs, he said. The scam is global in its reach and, as of Wednesday afternoon, the malware contained in the phishing run ranked as the sixth most prevalent global virus that McAfee was tracking. It is possible that machines compromised with the Cutwail or Rustock botnets are delivering the spam messages, Marcus said.
20:00
Fired CISO says his comments never put data at risk
» ‎ Hack In The Box (general)

Robert Maley was fired from his job as the chief information security officer for the state of Pennsylvania earlier this month after he spoke, without proper authorization, about security incidents involving the state during a panel discussion at EMC Corp.âs RSA trade show. References he made to a security incident involving the online driving test system at the Pennsylvania Department of Transportation in particular were believed to have led to his termination. A state spokesman has not commented, citing privacy rules, except to confirm that Maley is no longer employed by the commonwealth. In this interview, Maley gives his side of the events that led to his dismissal.
20:00
UBC student union considers police investigation for fraudulent votes
» ‎ Hack In The Box (general)

After six weeks and $42,000, the UBC Alma Mater Society student union elections may become a police matter following a meeting of the council last Monday regarding the hacked election. AMS president Bijan Ahmadian confirmed the student union's council asked UBC general manager Ross Horton to contact the police in hopes of identifying the hacker or hackers responsible for tampering with the election. The AMS election was held entirely online. An estimated 731 of the 6,900 votes cast in January's election were deemed to be fraudulent. Following the discovery of the fraud, a private company was hired to investigate.
20:00
TippingPoint: IE8, iPhone will fall first day
» ‎ Hack In The Box (general)

Microsoft's Internet Explorer 8, not Apple's Safari, will be the first browser to fall in next week's Pwn2Own hacking challenge, the contest organizer said today. Aaron Portnoy, security research team lead with 3Com TippingPoint, the sponsor of Pwn2Own, also predicted that Apple's iPhone will be the only smartphone hacked during the contest, which starts March 24. Portnoy, who organized the fourth annual Pwn2Own, changed his predictions from earlier bets he made a month ago because of new information he received from researchers who have registered for the contest. Previously, Portnoy said that Apple's browser would crumble before rivals from Google, Microsoft and Mozilla; he had also declined to speculate on which mobile phone, if any, would collapse under attack.
20:00
Europe 'vulnerable to cyberattack'
» ‎ Hack In The Box (general)

European governments are not doing enough to improve online security â leaving the entire continent vulnerable to cyberattack, according to a new parliamentary investigation. A report from the House of Lords suggests that officials in Brussels have failed to boost the union's internet defences â creating a yawning gap between Nato, the EU and member states that could leave the system prone. European countries are increasingly reliant on the internet for a wide range of services â including information, communication and commerce â and the global nature of the online world means they are more closely linked to each other than ever before. Despite this, however, the report suggests that the drastic differences between security operations in each nation leaves the entire system vulnerable.
20:00
Microsoft Denies Virtual PC Vulnerability
» ‎ Hack In The Box (general)

Core Securities, a company which develops vulnerability testing software, has discovered a major flaw in Microsoft's virtualisation software which might allow hackers to exploit virtual Windows systems. Interestingly, Microsoft, which was informed about the flaw 6 months ago, refuses to acknowledge the security hole as a critical one. According to a report released by the company, Microsoft's Virtual PC, Virtual PC 2007 and Virtual 2005 are affected by a major security bug which might allow hackers to penetrate the security measures set-up by Microsoft including DEP (data execution prevention) and ASRL (address space layout randomization).
20:00
Turkish hackers disrupt Armenian Olympic website
» ‎ Hack In The Box (general)

The official website of the National Olympic Committee of Armenia (NOCA) www.armnoc.am is not working since Wednesday, March 17, when Turkish hackers disrupted it posting their flag and statements on denial of the Armenian Genocide (1915) there. Natela Hovasapyan, NOCA spokesperson, told ArmeniaNow they are not able to recover the website yet, and they have no idea how long it will last. This is not the first time when Turks or Azeris hack an Armenian website. Samvel Martirosyan, a specialist in information tampering, told ArmeniaNow that the reasons (for hacking the NOCA website) are not clear yet, adding that the site is weak and is one of dozens hacked annually.
March 17, 2010
21:26
The new disclosure debate and the evil Mr Moore
» ‎ Hack In The Box (general)

So, letâs pretend you are Rob, Mr. Head of IT, are sitting in your office on March 9th, working on your fantasy baseball draft (I hear Albert Pujols is the way to goâ¦) when one of your staff walks in and says that Microsoft has another zero-day running around. Internet Explorer 6 and 7 are vulnerable to a condition where invalid pointer that is accessed after an object is deleted. Putting on your best manager hat, you ask the hard question: âOK, what do we know?â She tells you that because you bought into the anti-Vista hype (in her head, sheâs calling you moron but she doesnât say it out loud, she isnât crazy, just proud), there isnât much that can be done currently. There were some mitigations provided, but they mainly involved Vista and Server 2003 and 2008. Now you know that your boss is going to be calling any moment and here is what you know: Something about an invalid pointer, the fact that it is âin the wildâ, a CVE number and âMicrosoft is working on itâ, you probably shouldnât tell him that Vista part. The phone rings.
21:21
Should Microsoft make IE open source?
» ‎ Hack In The Box (general)

Microsoft looks to Internet Explorer 9 to help it retain the lead in browsers, and possibly increase market share. But maybe it's time for Microsoft to try something far more radical: Make Internet Explorer open source. Microsoft is betting that IE 9's increased speed and better adherence to HTML 5 standards will stem the erosion of IE's market share. I'm not sure that's enough, though. Firefox and Chrome are gaining on IE at least in part because of the vibrant ecosystem of developers who write add-ins for those browsers. Making IE open source could help quickly build a similar ecosystem for IE, and help fend off Firefox and Chrome. In addition, if Microsoft made IE open source, it could take some of the ideas that developers come up with for the browser itself, and incorporate them into its version of the browser. Better ideas are at a premium; this would be a cheap way to get them.
21:20
New password-stealing virus targets Facebook users
» ‎ Hack In The Box (general)

Hackers have flooded the Internet with virus-tainted spam that targets Facebook's estimated 400 million users in an effort to steal banking passwords and gather other sensitive information. The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to anti-virus software maker McAfee Inc. If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords, McAfee said on Wednesday. Hackers have long targeted Facebook users, sending them tainted messages via the social networking company's own internal email system. With this new attack, they are using regular Internet email to spread their malicious software.
21:20
New Cybersecurity Bill Pushes Ahead
» ‎ Hack In The Box (general)

A new version of a cybersecurity bill was introduced in the Senate on Tuesday that may eliminate some opposition to the measure from the tech industry. The bill would give the president a Senate-confirmed national security advisor to lead "all cybersecurity matters," whether in defense or civilian areas, according to a summary of the bill. Cybersecurity touches just about every aspect of the United States, from military espionage and potential cyber sabotage of U.S. infrastructure to cyber bank thefts and loss of intellectual property. The new draft put out by Senators John Rockefeller and Olympia Snowe reflects consultation with industry groups and some changes to lessen tech industry opposition, said James Lewis, a technology expert with the think-tank Center for Strategic and International Studies.
21:19
Apple to ban film-based screen protectors from company stores
» ‎ Hack In The Box (general)

Consumers seeking a protective film for the screen on their iPhone, iPod, iPad or Mac will soon have to look outside of Apple's retail stores, which will soon halt sales of the accessories indefinitely. Citing sources at a number of iPhone and iPod accessory makers, iLounge claims that Apple has been in dialog with these vendors for "some time now" regarding the impending ban. "Apple has said that it will remove both film-only solutions from its stores, as well as any case or other accessory that includes film protection as part of its package, such as cases that include film screen protectors," according to the report. It adds that the ban -- which covers film protectors for iPods, iPhones, iPads, and Mac -- will impact all forms of screen film, "including completely clear film, anti-glare film, and mirrored film, regardless of whether the purpose of the film is protective, decorative, or both."
21:16
Open Source Developers Pick Android Over iPhone
» ‎ Hack In The Box (general)

While the Apple iPhone remains the undisputed king of mobile app downloads, Android has been winning converts among open source developers since its inception. Now, Android has made enough of a splash that it can claim more open source developers than the iPhone, according to new research by Black Duck Software. Of course, that takes into account more than just mobile apps, with libraries and other bits of software being counted. But the findings suggest that while the iPhone continues to reign in the overall number of downloadable applications, the Google-backed mobile OS may be winning fans thanks to its more open nature. Developer.com takes a look.
21:16
How Amazon powers M86âs cloud security
» ‎ Hack In The Box (general)

M86 has revealed that it was using Amazon's EC2 cloud computing platform to roll out hosted security services to its customers in Australia. M86 created a virtual instance of its web application on Amazon's EC2 platform for each customer, said Werner Thalmeier, M86's vice president of product management. "We started the prototype 18 months ago. From our point of view it was faster and most reliable way to market and the most scalable," said Thalmeier. The image is built and tested by M86, which optimises for EC2 and performs quality assurance "The customer can only pick a ready image [which] can connect to internal policy filters or use the system browser interface through an encrypted connection" and can't be spoofed, claimed Thalmeier.
20:38
Vulnerability in SpamAssassin filter module gives possible remote root
» ‎ Hack In The Box (general)

The SpamAssassin Milter plug-in which plugs in to Milter and calls SpamAssassin, contains a security vulnerability which can be exploited by attackers using a crafted email to inject and execute code on a mail server. The SpamAssassin Milter plug-in is frequently used to run SpamAssassin on Postfix servers. In order to exploit the vulnerability, the plug-in must be called with the -x expand flag. For attackers to obtain root privileges, as the author of the security advisory proclaims, the plug-in has to be started as root â something which is anyway highly inadvisable. The attack occurs via a specially crafted recipient (RCPT TO) and is therefore unable to succeed if the plug-in only receives emails addressed to defined addresses.
20:33
Blazing fast password recovery with new ATI cards
» ‎ Hack In The Box (general)

ElcomSoft accelerates the recovery of Wi-Fi passwords and password-protected iPhone and iPod backups by using ATI video cards. The support of ATI Radeon 5000 series video accelerators allows ElcomSoft to perform password recovery up to 20 times faster compared to Intel top of the line quad-core CPUs, and up to two times faster compared to enterprise-level NVIDIA Tesla solutions. The support of massively parallel computing available in the newest ATI video accelerators such as ATI Radeon HD5970 allows ElcomSoft to achieve password recovery speeds exceeding those of high-end CPUs and competing NVIDIA boards, including NVIDIA Tesla systems.
20:32
10 Ways to Improve Your Memory
» ‎ Hack In The Box (general)

Yesterday I forgot four passwords, two book titles, and one pair of pants despite sticky notes reminding me of each. Since then, I've read HowStuffWorks' suggestions on improving memory. I forgot if they worked, but let's review 'em anyway. Note that none of these methods are foolproof or ideal individually. What you really need to do is look at your lifestyle and figure out a combination that works best for you. That said, here are some suggestions...
20:30
SQL injection attacks are in decline â or are they?
» ‎ Hack In The Box (general)

According to IBM X-Force's report, SQL injection gained a lot of popularity as a flavour of the month and was then exploited to the point that there were few who didn't know what it was. And, says the company, now that awareness has saturated the industry, more websites are defending against the problem. Interestingly, however, the IBM report found a significant increase in attacks using code obfuscation, often launched using automated exploit toolkits, to hide from IT security software. You'd expect the 11% fall in SQL injection and allied attack vectors to be welcomed by the industry, but data security specialist Imperva has cast doubt on the findings.
20:29
What Are the Most Underrated Security Technologies?
» ‎ Hack In The Box (general)

Last week we looked at security technology some readers consider overvalued. This week we're back to study the other side of the coin. Here are four techniques and related technologies several cited as underrated in today's security fight. Since one security pro's miracle tool is another's waste of budget, it's no surprise that a couple of the technologies panned last week are praised here. Application security is something companies increasingly worry about, as the number of business and personal apps proliferate. Hackers are targeting everything from online banking apps to the gaming apps popular on such social networks as Facebook. Web Application Firewalls (WAFs) are among the technologies designed to reduce the risk. One of the more overlooked features of the technology is whitelisting -- the art of allowing only traffic known to be valid to pass through the gate; thus providing an external input validation shield over the application.
20:29
You don't have to be a cyber whiz to be a cyber criminal
» ‎ Hack In The Box (general)

Earlier this month, Spanish authorities and security researchers worked together to track down and capture three Spanish men behind the âMariposa botnet,â a network of almost 13 million computers across 190 countries. The breaches discovered were far-reaching. The botnet compromised systems across several Fortune 1000 companies and 40 financial institutions. At the time of his arrest, one of the botnet operators possessed sensitive information about approximately 800,000 victims. The three men, authorities said, were no computer geniuses. âThese people didnât have any advanced hacker skills,â said Sean-Paul Correll, researcher at Panda Security, one of the firms involved in the investigations. âThey just had resources available to them online and were able to take advantage of them to build this network.â
20:28
Novell Mono project brings .Net development to Android
» ‎ Hack In The Box (general)

MonoDroid, which will enable deployment of .Net-based applications on Google Android phones, is in development at Novell, with a preview release planned for August, the head of the project said Monday. The runtime project is part of Novell's Mono effort, which has been responsbile for putting Microsoft .Net-based technologies on Linux and other non-Microsoft platforms. "[MonoDroid is] Mono running on the Android, but it's also all the APIs so you can talk to the Android APIs," said Miguel de Icaza, vice president of the developer platform at Novell and leader of Mono, in an interview at the Mix10 conference in Las Vegas. There is user demand for running .Net applications on Android, de Icaza said.
20:27
Reliably auditing your cloud provider security
» ‎ Hack In The Box (general)

RSA, Intel and VMware have teamed up to bring us their proof of concept for reliably auditing and securing infrastructure cloud services. Their new solution is called the Hardware Root of Trust. One of the biggest issues with cloud services is that there's no reliable mechanism that allows cloud customers to audit their providers security when and how they want to. Cloud customers want the ability to run their own security audits, ensure that proper security measures are always in place and be able to control their security policies inside their own private cloud. To solve this problem RSA, Intel and VMware have put their heads together and come up with an interesting solution that they showcased at the RSA conference this month. Given the interest, and growing need, for solutions in this area lately I thought their proof of concept warranted some mention.
20:25
GreenPois0n: Possible Jailbreak Software for iPad / OS 3.2
» ‎ Hack In The Box (general)

The iPad is not even out yet, and weâre already getting news from the iPhone\iPodTouch jailbreak community that they are working on a jailbreak software for the iPad. p0sixninja of the Chronic Dev Team has posted a screenshot of GreenPois0n, the jailbreak software for Windows, Mac and Linux. The team is said to begin work on jailbreaking iPad with GreenPois0n as soon as iPad is out. p0sixninja, in a tweet, has asked for donation to get him an iPad so that he may bring us an iPad jailbreak solution.
20:23
U of Calgary warns patients after computer virus hits medical records
» ‎ Hack In The Box (general)

Thousands of patients at a University of Calgary clinic are being warned their personal health information could have been compromised after viruses infected a medical computer. Two types of viruses â one that can shut down a computer, the other that allows hackers to remotely control or access information â attacked the computer at the U of Câs Sunridge Medical Clinic, said Dr. Cathy MacLean, head of the department of family medicine. The university doesnât have any evidence the information was actually used for unauthorized purposes, such as identity theft, MacLean said. She doesnât believe the university was targeted. The idea of private patient information being exposed to unauthorized people, however, is a concern, MacLean added.
20:16
Apple faces increased malware risk
» ‎ Hack In The Box (general)

As cyberthreats go, none is more pronounced than the menace of new malware being written by amateur hackers and criminals to find vulnerabilities in Apple products, industry reports showed Wednesday. Apple computers have been famously safe for years from viral attacks and malware infestation that often afflicts computers with Microsoft's Windows-based operating systems. Industry analysts said this was both because of the way Macs operated and because of relatively smaller numbers involved in the global distribution of the platform. Computers using Windows operating system dominate global market.
20:14
Teenager's social network profiles stalked for credit card fraud
» ‎ Hack In The Box (general)

FRAUDSTERS are buying credit cards for cheap on the black market and then "harvesting" intimate details of teenagers from social networking sites such as Facebook to steal their identities. agerQueensland's fraud unit head, detective Superintendent Brian Hay, yesterday warned D-Day was coming for a generation who will become young fraud victims after posting too much personal information about themselves on the net. Speaking at a parliamentary inquiry into cyber crime, Supt Hay said details of 16-year-olds were being stored in "data warehouses" and the youths were regularly cyber stalked so information about them could be updated - allowing for credit cards to be established in their names when they turn 18.
20:13
Hackers attacked Colombian vote count
» ‎ Hack In The Box (general)

Unidentified hackers struck the computerized system used to transmit voting data in Colombia's legislative elections, disrupting the vote count, the private contractor responsible for the system charged Wednesday. Ivan Ribon, spokesman for Arolen, a company hired to transmit results of Sunday's voting over the Internet, told local media Wednesday that hackers struck at the moment polls closed at 2100 GMT. "Early reviews show that there were 75,000 hits a second, which does not happen even on the busiest sites in the world," Ribon told RCN radio. "That went on all night Sunday into Monday, which forced us ... in order to safeguard the integrity and confidentiality of the data, to downgrade service on Internet results," he explained.
0:04
Your new Facebook âfriendâ may be the FBI
» ‎ Hack In The Box (general)

The Feds are on Facebook. And MySpace, LinkedIn and Twitter, too. U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting. Think you know who's behind that "friend" request? Think again. Your new "friend" just might be the FBI.
0:03
Twitter tries to dodge China's firewall
» ‎ Hack In The Box (general)

Twitter is working on a way to allow Chinese users to sign up to the social networking site in their own language, a co-founder of the site said, but access to the popular site remains blocked in the country. Jack Dorsey said at a panel that Twitter is "hard at work" on allowing users to register in Chinese. Dorsey was responding to a question from Chinese avant garde artist Ai Weiwei. Ai has been an outspoken critic of Chinese authorities and their continuing efforts to impose censorship. He said he spends about eight hours a day on Twitter. "I need a clear answer, yes or no?" he said to Dorsey, who joined the conversation via satellite. "Yes, it's just a matter of time," Dorsey responded, citing limited staff and technical constraints as challenges for setting up the Chinese registration page.
0:02
Security experts warn firms of the higher risks of lower-risk flaws
» ‎ Hack In The Box (general)

Security experts have warned businesses that hackers are moving their focus from flaws designated as high risk by software vendors to flaws normally seen as lower risks. Lloyd's of London chief information security officer Marcus Alldrick said, " [Hackers] are not going for the normal high risk flaws, they're going for the medium risk ones. In the patch management cycle, the medium risk flaws are being patched later." That delay in patching is also being exacerbated by hackers combining the lower-risk flaws to create so-called blended threats, explained BT global head of business continuity, security & governance practice Ray Stanton. By combining two lower-risk flaws, hackers can cause high-risk threats to an organisation.
0:02
Microsoft Virtual PC Security Flaw Leaves Users Vulnerable
» ‎ Hack In The Box (general)

Researchers at Core Security Technologies issued an advisory today about a new security vulnerability that leaves users of Microsoftâs Virtual PC software open to attack. According to Core Security, certain versions of the Virtual PC hypervisor contain a vulnerability that allows attackers to bypass Windows security mechanisms, including Data Execution Prevention (DEP) and Address Space Layout Randomization. This means other bugs that are not exploitable when running in a non-virtualized operating system could be exploited if running within a guest OS in Virtual PC. âThe vulnerability can be exploited locally within a virtualized system to escalate privileges or remotely for code execution in combination with any client-side bug for which existing patches have not been applied or with any client-side bug for which a fix has not been developed after dismissing the bug as not exploitable or of low priority,â Ivan Arce, CTO of Core Security, told eWEEK in an e-mail. âThe vulnerability does not seem usable to escape from a virtualized OS (guest) to execute code in the context of the non-virtualized OS (host). Use of the vulnerability to implement covert inter-process communications within the virtualized OS or to establish inter-VM (virtual machine) communication have not been researched in full but are deemed possible.â
0:01
MIT building self-assembling computer chips
» ‎ Hack In The Box (general)

Researchers at MIT are working on getting computer chips to "self assemble" by coaxing molecules to arrange themselves into tiny but useful patterns, a process that could lead to microprocessors with much smaller circuit elements. In the journal Nature Nanotechnology this week, the researchers describe a process that could become an alternative to conventional photolithography, which relies on light projected onto a photo-sensitive material, as people continue to forecast the demise of Moore's Law. That observation states that the number of transistors that can be placed on an integrated circuit doubles roughly every two years. Led by Caroline Ross and Karl Berggren, both engineering professors, the scientists used electron beam lithography to create nanoscale "posts" on a silicon chip. They then deposited copolymers--large molecules of two polymers with repeating structural units--on the chip. The copolymers spontaneously linked to the posts and arranged themselves into useful patterns.

← Free Kareem! Mideast Youth - Thinking Ahead →

GV Menace » Hack In The Box

Feeds

Hack In The Box (48 unread)