spacer



spacer
 ::  hitb portal  ::  hitb portal (SSL)  ::  hitb forum (SSL)  ::  hitb security conference  ::  hitb training ::  hitb irc  ::  hitb photos  ::  hitb videos :: 

HITB Search:
Who's Online
There are 125 unregistered users and 0 registered users on-line.

You can log-in or register for a user account here.



Top Stories for Today
No articles

View the Top 50 articles

Main Menu
· Home

Sub Menu
· Latest Comments
· HITB@AvantGo
· HITB@Tradepub
· HITB E-Zine Archive
· HITB Merchandise
· HITB Lite
· HITB GFX
· Members List
· Recommend Us
· Search
· Stats
· Contact Us
· Top 50

Top 20 of the Last 2 Weeks
[5013] Windows Vista 6.0.6000 available for download

[1890] Top 10 Signs You Have an Insecure Web App

[1444] Vista vs Leopard

[1342] Gamers Are Thrilled By The PlayStation 3

[899] The PS3 Dissected

[728] Apple ditches "Mac Guy" in new ads

[722] Hacking Skype In & Out

[718] Intercepting cellphone calls really is child's play

[669] Is Google evil?

[665] Review: Full-Disk Encryption Suites

[634] The Top 7 Free Utilities To Maintain A Mac.

[611] Man arrested with $78,000 and info on nuclear materials

[611] Make Ubuntu look like OSX

[517] PlayStation 3 launches in Japan

[500] How computers will change the world by 2056

[483] Islamic hackers again fail to disrupt Vatican web site

[460] Microsoft to post 6 patches next week

[444] Websense picks apart source code of malware written by Russian hackers

[426] Eight daily steps to a more secure network

[422] Inside the Hacker's Profiling Project


E-Zine Archive
Issue #1 - #37
Issue #38

Past Articles
Friday, November 17
·OS X Threat Landscape Document
·Inside the mind of kernel hacker LMH
·Gartner worried criminals will use PS3 to crack crypto
·Security firms clash over phishy e-mails
·Apple's iPhone to arrive in early 2007 with 2MP camera
·Dell refunds Linux users who ditch XP
·Arstechnica reviews Microsoft Zune player
·UK ATMs hacked using MP3 player
· Make Ubuntu look like OSX
·Ballmer: Linux users owe Microsoft
·Networking exec blasts wiretapping rules
·Google on way to being No. 1 Web site: Citigroup
· Purdue Researchers Pioneer Streaming Huge Internet Video
·Wii and PS3 go head to head
·German security firm warns of eavesdropping cell-phone virus
·Security vendor settles charges after getting hacked
·Exploits Surface For Critical Microsoft Bug
Thursday, November 16
·The Top 7 Free Utilities To Maintain A Mac.
·Zune is incompatible with Vista
·Malware goes to the movies
·Wikipedia unblocked in China after year-long ban
·BT buys service provider Plusnet
· Apple offers UK customers 0% finance on new Macs
·Dubai's annual IT extravaganza starts Saturday
·Hackers breached French anti-doping lab
·The devil in the metadata
·Intel quad-core chips hit the streets
·WiMax Is Gathering Momentum, On Its Way To 20 Million Users
·Sun Makes Java Tech. Open-Source Project
·Former HP chairman pleads not guilty
 Older articles

Packet Storm Security Latest
· MDKSA-2006-214.txt
Mandriva Linux Security Advisory MDKSA-2006-214 - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
· mosreport-rfi.txt
MosReporter Joomla Component remote file inclusion exploit.
· USN-383-1.txt
Ubuntu Security Notice 383-1 - Tavis Ormandy discovered that libpng did not correctly calculate the size of sPLT structures when reading an image. By tricking a user or an automated system into processing a specially crafted PNG file, an attacker could exploit this weakness to crash the application using the library.
· OpenPKG-SA-2006-036.txt
OpenPKG Security Advisory OpenPKG-SA-2006.036 - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG image format library libpng, versions 1.0.6 through 1.2.12 and 1.0.20. The bug is in the decoder for the sPLT ( suggested palette ) chunk and can lead to crashes and, accordingly, a DoS, when an application using libpng for PNG processing displays a specially crafted PNG image.
· OpenPKG-SA-2006-035.txt
OpenPKG Security Advisory OpenPKG-SA-2006.035 - As undisclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the CommandBufferSize directive is explicitly used in the server configuration -- which is not the case in OpenPKG's default configuration of ProFTPD.
· cpanel10-xss2.txt
CPanel version 10 is susceptible to cross site scripting attacks via the network tools.
· CAU-2006-0001.txt
Myspace.com's navigation menu can be replaced with a malicious menu via CSS code in the attacker's profile.
· CA-kmxstart-exploit.zip
Local privilege escalation exploit for the kmxstart.sys Computer Associates Host Intrusion Prevention System engine driver version 6.5.4.10.

HITB is
spacer

Upcoming Events

spacer
Advanced Banking Application Security - ABAS
ONLY 6 SEATS LEFT!

spacer
Zone-H Hands on Hacking 2
ONLY 8 SEATS LEFT!


Secret Service Arrests ID Thief
Posted by l33tdawg on Saturday, November 18, 2006 - 04:12 AM (Reads: 173)
spacer Source: International Business Times



The Secret Service has arrested one of its most-wanted fugitives on charges he and his partner stole identities to take more than $1 million from victims in several Southern states. The Secret Service arrested Matthew Bevan Cox on Thursday in Nashville. Authorities put out a warrant for Cox and Rebecca Marie Hauck in 2004. Hauck was arrested in March while living under a stolen identity in Houston. Prosecutors say Hauck and Cox rented properties, fraudulently erased mortgage liens on the properties and then stole the owners' identities and fraudulently took out multiple new mortgage loans. They also used stolen identities to obtain drivers licenses, purchase vehicles, lease mail drops, rent apartments and open bank accounts to receive proceeds from their schemes in Georgia, Florida, Alabama, South Carolina and North Carolina, authorities said.

[0 comments posted]
[ spacer spacer ]

Intercepting cellphone calls really is child's play
Posted by l33tdawg on Saturday, November 18, 2006 - 04:11 AM (Reads: 718)
spacer Source: IT Wire



German security company, SecurStar, claimed to have uncovered the first serious threat to the security of cellphone conversations, saying that "Simply by sending an invisible and unnoticeable SMS message to a particular cellphone, spying on cell phone users has become child's play." I suggested that the security of mobile phones had long been compromised by the development of IMSI- catchers, hardware devices that intercept GSM calls over the air and exploit weaknesses in the GSM encryption algorithm. Wifried Hafner, CEO of SecurStar responded to this, telling me: "Yes IMSI catchers have been around for several years but it is not easy to get such equipment and monitoring cannot be made by just anyone." I also queried his claim that interception is 'child's play' since he had given no indication as to how the call is retrieved from the compromised phone. It does indeed appear to be child's play.

[0 comments posted]
[ spacer spacer ]

Universal Music sues MySpace for property rights violations
Posted by l33tdawg on Saturday, November 18, 2006 - 04:10 AM (Reads: 77)
spacer Source: Yahoo! News



Universal Music Group has filed a suit against leading Internet social networking site MySpace for violating copyrights of artists Universal represents, MySpace has said. Universal, a division of French media giant Vivendi Universal, filed the complaint against MySpace, a unit of News Corp, in the federal court in Los Angeles, where News Corp and MySpace are both located, MySpace spokesman Jeff Berman told AFP. MySpace, which hosts hundreds of thousands of personal web pages and diaries that can carry text, video and sound features, defended its content Friday, noting it is a free website and that it makes efforts to abide by the US DMCA.

[0 comments posted]
[ spacer spacer ]

How to protect your privacy online
Posted by l33tdawg on Saturday, November 18, 2006 - 04:06 AM (Reads: 146)
spacer Source: stuff.co.nz



You're not nearly as anonymous as you think you are online. Even if your computer is completely free of spyware, trojans and viruses, your personal information still follows you from website to website. This isn't necessarily a bad thing. If your computer wasn't partly identifiable, there would be no way to get web pages, movies, podcasts or e-mails to you. It's often a good thing too that some sites recognise your computer and tailor what they display especially for you, like shopping sites you regularly visit. But there's a fine line between what a site needs to know and invading your privacy. In the worst case, it could be possible for a site to compile a profile of you and your habits over time, possibly even including your name, location and e-mail address. Some companies exist solely to build up profiles like this and sell them for marketing purposes.

[0 comments posted]
[ spacer spacer ]

Netgear Wireless Flaw Comes To Light
Posted by l33tdawg on Saturday, November 18, 2006 - 04:05 AM (Reads: 130)
spacer Source: CRN



Security researchers from the Month of Kernel Bugs (MoKB) project have dished up details on another critical wireless device driver vulnerability, this one affecting a popular Netgear wireless product. A vulnerability has been identified in the device driver for the NetGear WG111v2, a $49.95 wireless USB adapter, that could allow a remote attacker to gain complete control over a vulnerable PC, Symantec said Thursday in a bulletin to Deepsight subscribers. The vulnerability affects version 5.1213.6.316 of the WG111v2.SYS driver, and other versions may also be affected, Symantec said. At press time, Netgear had not released an updated driver to address the issue. Security researcher HD Moore of the Metasploit Project discovered the Netgear vulnerability and has released an exploit module.

[0 comments posted]
[ spacer spacer ]

Man jailed for UK's first 'web-rage' attack
Posted by l33tdawg on Saturday, November 18, 2006 - 04:03 AM (Reads: 80)
spacer Source: stuff.co.nz



A British man said to have carried out the country's first "web-rage" attack was jailed for 2? years on Friday for assaulting a man with whom he had exchanged insults over the internet. Paul Gibbons, 47, from south London, admitted he had attacked John Jones in December 2005 after months of exchanging abuse with him via an Internet chat room dedicated to discussing Islam. London's central criminal court heard that Gibbons had "taken exception" to Jones, 43, after Jones alleged that Gibbons had been "interfering with children". After several more verbal and written exchanges, during which Jones threatened to track down Gibbons and give him a severe beating, Gibbons and a friend went to his victim's house in Essex, east of London, armed with a pickaxe and a machete.

[0 comments posted]
[ spacer spacer ]

AMD in Apples?
Posted by l33tdawg on Saturday, November 18, 2006 - 03:59 AM (Reads: 114)
spacer Source: Bits of News



The Taiwanese publication DigiTimes is reporting on rumors that a new AMD-based Apple notebook may be on the way. According to the technology site, Taiwanese component makers are reporting an large increase in orders for capacitors for use in a new Apple laptop with AMD inside. Resourceful hackers have already documented that Apple's operating system, OS X Tiger, is fully capable of running on AMD chips. But so far Apple's switch from PowerPC processors to the x86 architecture has been an exclusive switch to Intel. The recent merge between AMD and long time Apple partner ATI might have brought AMD powered Apples closer, and AMD chief executive Hector Ruiz claimed, back in September, that Apple would eventually start using AMD microprocessors along with those from Intel.

[0 comments posted]
[ spacer spacer ]

Bosses get into 007 gadgets
Posted by l33tdawg on Saturday, November 18, 2006 - 03:58 AM (Reads: 100)
spacer Source: ZDNet



It's not just James Bond who gets to play with all the cool gadgets. More and more business executives are investing in secret agent-style hardware to make sure their top-secret company plans stay under wraps. Bug-detectors disguised as fountain pens, keyboards that can secretly record everything typed on them, and clock radios with hidden cameras--devices once only of interest to spies--are now being bought by company chiefs who fear they are being spied on. "The majority of the customers are buying countersurveillance equipment," said Julia Adams, director of surveillance gadget store Spymaster. "The majority are concerned with what is being leaked. They want to make sure they aren't being bugged and that the competition isn't listening." Some executives carry pocket-size bug detectors when they are in meetings, on their own premises or elsewhere, that vibrate if they pick up on eavesdropping equipment.

[0 comments posted]
[ spacer spacer ]

Trend Micro Mobile Security 3.0 released although nobody needs it
Posted by l33tdawg on Saturday, November 18, 2006 - 03:58 AM (Reads: 67)
spacer Source: MS Mobile



Trend Micro Advances Security for Smartphones and other Data-Centric Devices New Version of the award-winning Trend Micro Mobile Security stops malware and helps prevent unwanted intrusions and data leakage through new Firewall and Intrusion Detection technology Trend Micro, Incorporated announced the addition of new security features within the award-winning Trend Micro Mobile Security. Trend Micro Mobile Security 3.0 adds protection against hackers and intrusions while improving on the previously available mobile malicious code protection for mobile malware and SMS spam.

[0 comments posted]
[ spacer spacer ]

Rootkits, Polymorphics Turn Threats Tougher In 2006
Posted by l33tdawg on Saturday, November 18, 2006 - 03:57 AM (Reads: 89)
spacer Source: Information Week



Toughened threats have been the hallmark of this year's security scene, a prominent security researcher said Friday. "They just got tougher this year," said Oliver Friedrichs, the director of Symantec's security response team. "They're harder to detect and harder to remove. "And they're harder for individuals to detect themselves. In the past, users could find a malicious file themselves, an errant key in the registry, or a process running in Windows," Friedrichs said. "Now threats are less likely to show up there and more likely to be hidden
gipoco.com is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site.