http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2009-07-04 11:31:53 - Computer Security News : Someone has hacked into Bullitt County's online bank account andstolen more than $415,000 County officials held a special meeting onthe topic Wednesday night to inform residents about what happenedhttp://www.secuobs.com/revue/news/116909.shtmlhttp://www.secuobs.com/revue/news/116909.shtml 2009-07-03 20:50:16 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/116819.shtmlhttp://www.secuobs.com/revue/news/116819.shtml 2009-07-03 17:02:34 - Computer Security News : This much is clear: Someone hacked into and altered the Web sitehosted by the Mississippi River city of Quincy last fallhttp://www.secuobs.com/revue/news/116758.shtmlhttp://www.secuobs.com/revue/news/116758.shtml 2009-07-03 12:49:17 - Computer Security News : Tim Little behind the mic for his weekly dance music radio show AsherMoses July 2, 2009 - 10:40AM A Sydney radio show has been caught up ina global Michael Jackson spam storm, after its website was hijacked ina bid to infect users with malwarehttp://www.secuobs.com/revue/news/116707.shtmlhttp://www.secuobs.com/revue/news/116707.shtml 2009-07-03 11:55:06 - Risky Business : Tagline: Pew pew, you are no match for hackers with lasers, pew pewMedia URL:http://itradiocomau/security/wp-content/uploads/RB2-presentation-lasersmp3This podcast is a ripper, it's a presentation by Andrea Barisani andDaniele BiancoRB2 correspondent Paul Craig was in Hawaii last month for the ShakaConsecurity conference and he recorded this talk, which looks at sidechannel attacks using optical sampling of mechanical energy emissionsand power line leakageWhat does that mean Hackers with freakin' laser beams on theirfreakin' heads is what it means These guys have developed techniquesfor sniffing keystrokes out of power lines and via laser beams youknow, the ones on their freakin' headsForum Topic: PODCAST: RB2: ShakaCon Presentation: Hackers withfreakin' laser beams on their heads, the presentationread morehttp://www.secuobs.com/revue/news/116679.shtmlhttp://www.secuobs.com/revue/news/116679.shtml 2009-07-03 11:55:06 - Risky Business : Tagline: Paul Craig chats to the ShakaCon laser masters Media URL:http://itradiocomau/security/wp-content/uploads/RB2-lasers-interviewmp3If you're an avid RB2 listener you would have already heard theShakaCon presentation by Andrea Barisani and Daniele Bianco onnon-conventional keystroke sniffing techniquesTheir presentation was on sniffing keystrokes through powerlines, oralternatively by using freakin' lasers attached to their frickin'heads to detect he sound of keystrokes and then work out what wasbeing typedForum Topic: RB2: ShakaCon Interview: Hackers with freakin' laserbeams on their freakin' headsread morehttp://www.secuobs.com/revue/news/116678.shtmlhttp://www.secuobs.com/revue/news/116678.shtml 2009-07-03 08:16:17 - Computer Security News : A television anchor who's the only journalist known to have spokenwith South Carolina Govhttp://www.secuobs.com/revue/news/116652.shtmlhttp://www.secuobs.com/revue/news/116652.shtml 2009-07-03 06:44:51 - The Guerilla CISO : A big thanks to all the hackers and wannabees who have kept and continueto keep the Internet routing around censorship so that the people ofIran can get to twitter Bookmark to: Hide Sites $$'divd1183'eachfunctione { evisualEffect'slide_up',{duration:05} };http://www.secuobs.com/revue/news/116600.shtmlhttp://www.secuobs.com/revue/news/116600.shtml 2009-07-03 06:34:51 - Office of Inadequate Security : Forensics experts at the Dublin office of consultancy Ernst et Young havefound evidence that prominent companies in Ireland are allowinghome-based employees to download sensitive company and client data totheir personal computers Second-hand computer hard drives containingsensitive information - including hundreds of customer bank, Laser andcredit-card account details, car registration information, staff http://www.secuobs.com/revue/news/116597.shtmlhttp://www.secuobs.com/revue/news/116597.shtml 2009-07-03 03:15:32 - Hack In The Box : A Sydney radio show has been caught up in a global Michael Jackson spamstorm, after its website was hijacked in a bid to infect users withmalware Cyber criminals hacked into the web server of Beatz Radio, aweekly dance music show that airs on Friday nights on FM 993, andused the site to host a file that purported to be unseen videos andpictures of Jackson But the file was actually a password-stealingtrojan that surreptitiously loads itself on to the victim's computerand sends back to the hackers a log of every keystroke made Links tothe bogus YouTube clip were then sprayed out across the world as partof an email spam campaign that sought to exploit the immense interestin Jackson following his death But Beatz Radio chief Tim Little hadno idea until he was contacted by AusCERT, the national ComputerEmergency Response Team for Australiahttp://www.secuobs.com/revue/news/116561.shtmlhttp://www.secuobs.com/revue/news/116561.shtml 2009-07-03 02:42:58 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/116548.shtmlhttp://www.secuobs.com/revue/news/116548.shtml 2009-07-03 01:48:59 - Latest articles from SC Magazine US : A security researcher on Thursday unveiled a new iPhone SMSvulnerability, according to reports out of the SyScan Conference inSingaporeIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/116520.shtmlhttp://www.secuobs.com/revue/news/116520.shtml 2009-07-03 01:48:59 - Latest articles from SC Magazine US : A Dallas hospital guard was ordered to jail following his arrest oncharges of breaking into computers, planting malicious software andplanning a massive distributed-denial-of-service DDoS attack on theFourth of JulyIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/116519.shtmlhttp://www.secuobs.com/revue/news/116519.shtml 2009-07-02 23:06:02 - Rootsecure.net : The Register: Feds - Hospital hacker's 'massive' DDoS avertedhttp://www.secuobs.com/revue/news/116492.shtmlhttp://www.secuobs.com/revue/news/116492.shtml 2009-07-02 23:06:02 - Rootsecure.net : SC Magazine: Rolling Stone magazine hacker arrestedhttp://www.secuobs.com/revue/news/116490.shtmlhttp://www.secuobs.com/revue/news/116490.shtml 2009-07-02 23:06:02 - Rootsecure.net : Lifehacker: How to Crack a Wi-Fi Network's WEP Password with BackTrackhttp://www.secuobs.com/revue/news/116489.shtmlhttp://www.secuobs.com/revue/news/116489.shtml 2009-07-02 18:47:16 - Computer Security News : Britney Spears has been claimed dead in her own Twitter page, afterhackers got into her account and posted a fake messagehttp://www.secuobs.com/revue/news/116381.shtmlhttp://www.secuobs.com/revue/news/116381.shtml 2009-07-02 17:13:41 - Darknet The Darkside : http://www.secuobs.com/revue/news/116316.shtmlhttp://www.secuobs.com/revue/news/116316.shtml 2009-07-02 17:09:26 - The Dark Visitor : During the Olympics Games, a secret organization was formed by a Chinesehacker named Wang Zi to protect Olympic websites against foreignhackers and while they won’t say, reprisals were probably takenagainst offenders This article, from the People’s Daily, details WangZi’s efforts to bring back the patriotic spirit of the Red HackerAlliance “The Tao http://www.secuobs.com/revue/news/116313.shtmlhttp://www.secuobs.com/revue/news/116313.shtml 2009-07-02 05:57:37 - Hack In The Box : Over $400,000 is missing from a bank account for Bullitt Countygovernment and authorities are calling it electronic theft GregSchreacke, president of First Federal Savings Bank, said someone wasable to get into the county's network Once inside, the hackers hadaccess to all of the county's computers, user names and passwordSchreacke said the group accessed the network from another country andthat is how authorities were able to trace it "This is a prettysophisticated group, so there's a high likelihood some of the money isgoing to be missing They're the pros at it However, we're going toget a substantial amount back," said Schreackehttp://www.secuobs.com/revue/news/116166.shtmlhttp://www.secuobs.com/revue/news/116166.shtml 2009-07-02 05:57:37 - Hack In The Box : On Monday Neil McAllister posed the question "is the hacker ethic harmingAmerican developers" Slashdot picked it up and Tim forwarded it tothe Radar list As you might expect, it resulted in some spiriteddiscussion James Turner kicked things off with this response it hasbeen slightly edited from its email form After James lays out hisargument I'll reply with my thoughts Then we hope to hear from youLet us know what you thinkhttp://www.secuobs.com/revue/news/116162.shtmlhttp://www.secuobs.com/revue/news/116162.shtml 2009-07-02 04:07:16 - Optimal Security : My take: New Internet-based technologies bring new opportunities for thebad guys The growth of the applications we use has gone from dozensto nearly 1,000 The losses are huge, and while the top-line number isdisputable, no one can argue that cybercrime losses have reachedpreviously unforeseen levels Regardless of whose survey you read, themajority of respondents http://www.secuobs.com/revue/news/116086.shtmlhttp://www.secuobs.com/revue/news/116086.shtml 2009-07-01 23:57:37 - Latest articles from SC Magazine US : A disgruntled software developer has been charged with launching attacksagainst Rolling Stone and Radar MagazineIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/116021.shtmlhttp://www.secuobs.com/revue/news/116021.shtml 2009-07-01 21:03:43 - eSecurity Planet Features : A security expert notes an alarming trend, and provides guidance toprotect yourself against ithttp://www.secuobs.com/revue/news/115993.shtmlhttp://www.secuobs.com/revue/news/115993.shtml 2009-07-01 20:29:02 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/115969.shtmlhttp://www.secuobs.com/revue/news/115969.shtml 2009-07-01 19:40:48 - SecurityTube.Net : Hacker Commerce Episode 4 Video TutorialIMAGEhttp://www.secuobs.com/revue/news/115905.shtmlhttp://www.secuobs.com/revue/news/115905.shtml 2009-07-01 11:45:09 - The Dark Visitor : First, thank you to everyone who sent an e-mail asking if everything wasokay Yep, we are fine with the exception of a few missing images thatwill be replaced as time permits Second, Chinese hackers did not takeus down, it was a combination of the upgrade to WP 28 and GodaddyLong story http://www.secuobs.com/revue/news/115757.shtmlhttp://www.secuobs.com/revue/news/115757.shtml 2009-07-01 09:51:04 - Cheer10s Underground Syndicate : By Brian PrinceSource:http://wwweweekcom/c/a/Security/Hacker-Max-Ray-Butler-Pleads-Guilty-522493/Former security consultant Max Ray Butler pleaded guilty to wire fraudcharges June 29 in connection with his role in a massive hacking andidentity theft scheme Butler faces decades behind bars when he issentenced in OctoberNotorious hacker Max Ray Butler, also known as Max Ray Vision, pleadedguilty to wire fraud charges June 29, acknowledging his involvement inthe theft of credit card and identity dataButler, 36, of San Francisco, was a former security consultant turnedhacker who had been on the radar of law enforcement under his varioushacker aliases for years Convicted in 2001 of hacking into theDepartment of Defense, he served 18 months in prison In 2004, he waspart of a group of individuals investigated by the FBI and the SecretService for compromising code in the "Half-Life" video gamehttp://www.secuobs.com/revue/news/115738.shtmlhttp://www.secuobs.com/revue/news/115738.shtml 2009-07-01 09:51:04 - Cheer10s Underground Syndicate : Source: http://wwwktuucom/Global/storyaspS=10622529ANCHORAGE, Alaska -- A Tennessee college student charged with hackinginto former vice presidential candidate Sarah Palin's e-mail was incourt Tuesday asking for a dismissalDavid Kernell and his attorney walked into federal court in Knoxville,Tenn, to ask a judge to drop the four charges against himhttp://www.secuobs.com/revue/news/115737.shtmlhttp://www.secuobs.com/revue/news/115737.shtml 2009-07-01 04:44:11 - Governmentsecurity.org : The term hacker may be used to describe people who steal informationfrom computers, but that's just the dark side of the storyLike the cowboy heroes of childhood, there are white hats as well asblack, and the former are legal hackers: security professionals whoaim to make the wilds of the internet a safer place for us all,tracking down and rounding up the exploits that endanger ourcomputersIMAGE IMAGE IMAGE IMAGEIMAGEhttp://www.secuobs.com/revue/news/115638.shtmlhttp://www.secuobs.com/revue/news/115638.shtml 2009-07-01 02:04:59 - Computer Security News : Federal prosecutors say a 25-year-old contract security guard accusedof hacking into computers at the clinic where he worked has beenarrestedhttp://www.secuobs.com/revue/news/115611.shtmlhttp://www.secuobs.com/revue/news/115611.shtml 2009-07-01 01:53:19 - Hack In The Box : Commonwealth Bank's internet banking website has buckled under recordlevels of unexplained traffic, leaving nearly 45 million customersfearing for their account security The bank admitted that it wasforced to shut down its website in order to investigate the traffic,some of which "appears to be malicious" Customers were locked out ofthe CBA's NetBank internet site on Monday and Tuesday, with the bankas yet unable to identify the source of the traffic influx The scarecomes just as the financial year draws to a close, leaving millions ofCBA's registered online customers at a loss as they process the end ofthe tax yearhttp://www.secuobs.com/revue/news/115589.shtmlhttp://www.secuobs.com/revue/news/115589.shtml 2009-07-01 00:53:48 - 4sysops : Until my recent discovery of Process Hacker, I assumed that ProcessExplorer was the best Task Manager alternative However, in someareas, the Open Source tool Process Hacker is more than a match forMicrosoft’s Sysinternals tool The user interfaces of both tools lookquite similar As in Process Explorer, you can add additional http://www.secuobs.com/revue/news/115506.shtmlhttp://www.secuobs.com/revue/news/115506.shtml 2009-07-01 00:30:26 - Latest articles from SC Magazine US : A hacker who went by the alias "Iceman" pleaded guilty Monday in federalcourt in Pittsburgh to charges of wire fraud and now faces up to 60years in prisonIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/115502.shtmlhttp://www.secuobs.com/revue/news/115502.shtml 2009-06-30 21:20:26 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/115455.shtmlhttp://www.secuobs.com/revue/news/115455.shtml 2009-06-30 21:20:26 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/115454.shtmlhttp://www.secuobs.com/revue/news/115454.shtml 2009-06-30 18:04:50 - Computer Security News : RICHMOND, Va - Some doctors are holding off prescribing painkillersafter a hacker accessed more than 355 million of Virginia's mostsensitive prescription drug records two months ago, a state officialtold a legislative panel Mondayhttp://www.secuobs.com/revue/news/115328.shtmlhttp://www.secuobs.com/revue/news/115328.shtml 2009-06-30 16:40:22 - Security Bloggers Network : I regularly see a lot of extremely dubious and rather slimy techniquesdeployed to get end-users to run horrible things or fall for scamsGenerally, the targets tend to be the technologically inept or granny,sitting in the corner See granny Sure you do, she's right over therereplying to the Third King of Nigeria and helping him out with hiscash relocation problemHowever, I've come across a scam rapidly spreading across numerousunderground forums and IRC channels that is truly one of the scummiesttactics I've seen in some timeHow bad Allow the following screenshot to spell it out for youneopets0gifLadies and Gentlemen, allow me to present you with the winner of theLowest Tactic Used in 2009 award Do your kids play Neopets If theydo, you might want to read this and gently warn them of the dangersNeopets: What is itflickr-photo { border: solid 2px #000000; }flickr-yourcomment {}flickr-frame { text-align: left; padding: 3px; }flickr-caption {font-size: 08em; margin-top: 0px; } Neopets, originally uploaded byPaperghostFrom Wikipedia:Neopets originally NeoPets is a virtual pet website, based aroundthe virtual pets that inhabit the virtual world of Neopia Visitorscan create an account and take care of up to four virtual pets, buyingthem food, toys, clothes, and other accessories using a virtualcurrency called Neopoints Neopoints can be earned through playinggames, investing in the game's stock market, trading, and winningcontests such as customization and art Neopets also operates apay-to-play version known as Neopets Premium, which offers additionalfeatures and benefits for a monthly fee of $799 USDThe scam is based around one of the core mechanics of Neopets: kidslove rare items and things that nobody else has Neopets has magicalpaintbrushes - stay with me on this - and they're rather hard to gethold of nowadays As an example of that, here's a petition posted in2004 that people are still posting comments to In addition, here'sa list of current prices - now consider a newcomer to Neopets startswith the rather paltry sum of 1000 Neopoints, and you can see whythere's a desire for these itemsThis is where we target some 12 year olds with social engineering OhdearThe MethodNeopets is effectively social networking for younger kids and someteenagers Or, as someone on a hacking forum put it while discussingthis particular attack,neopets4gifouch No surprise, then, that the site has many communal areaswhere people can chat, hang out, send each other messages and seewhat's going on Our hackers will move to the trading areas, wherekids can post requests for items they'd like to buy, sell or tradeThen it's just a case of hunting out posts like thisneopets5gifand that child is, officially, doomed Asking for paintbrushes onthe trading areas of Neopets will mean that they're likely to be therecipient of a Neomail private messaging on the Neopets website thatlooks like this:flickr-photo { border: solid 2px #000000; }flickr-yourcomment {}flickr-frame { text-align: left; padding: 3px; }flickr-caption {font-size: 08em; margin-top: 0px; } Neopets Scam, originally uploadedby PaperghostDid someone order a "Social engineering 12 year olds campaign" to goBecause I think its at the door and the delivery guy is waiting forhis tipFrom there, it's just a case of said child visiting the external link,downloading a file and being keylogged into infinity and beyond Thenthe fun really beginsneopets6gifWave goodbye to your rare items, kids - and you didn't want your XBoxLive account that potentially has credit card details attached to itanymore either, did you The attackers then use the familiar tactic oftaking a previously trusted source and using it to attack theirfriends et other newcomers to the site Alongside hanging out in thehandily labeled "Newbies" section and spamming messages, they'll alsopost fake "It worked" messages from compromised accounts to the forumsof threads started by the attacker, much like people do on Youtube togive the impression that fake programs actually work scroll down to"positive comments"Additionally, the PC is quite possibly used by other people, or indeedbelongs to someone else altogetherneopets7gifwhich would be, as you can imagine, a "bad thing"Shall we see some of the reaction to this attack method from thepeanut galleryneopets8gif"Stupid 12 year olds" are apparently in for a smackdownneopets9gifThe above individual is clearly excited by thisneopets10gifwell, if you're going to intentionally target young kids you mightas well go the whole hog and dump them into a Botnet too The messagesaren't just being posted and sent by private message on the Neopetssite - they're also turning up on third party websites tooneoforumsgifClick to EnlargeInterestingly, sites such as Neopets are accessed in corporateenvironments too - FaceTime collects live traffic data fromcommercially deployed Unified Security Gateway appliances at more than80 mid to large enterprises worldwide that have opted into thisprogram, representing the daily Web-based activities of more than100,000 corporate workersDuring the past week, these corporate workers have accessed 99different virtual worlds from their work computers, and at least halfof those are targeted at children Perhaps the kids are asking theirparents to check on their Neopets at work or see if the latest friendrequest on Myspace has been approvedAt any rate, let's hope they're wary of too-good-to-be-true paintbrushdeals Whether at home or in the workplace, "offers" such as the onesabove should be avoided and anyone sending your child messages aboutpaintbrush creators should report them here you'll need to be loggedin to access that URLI never thought I'd have to advise young children to stay frosty, butthere you gohttp://www.secuobs.com/revue/news/115289.shtmlhttp://www.secuobs.com/revue/news/115289.shtml 2009-06-30 05:45:19 - Computer Security News : A San Francisco man pleaded guilty today in Pittsburgh this afternoonto federal charges of hacking into computer systems of financialinstitutions and other hackers to steal nearly 2 million credit cardnumbers, which were used to rack up more than $86 million infraudulent chargeshttp://www.secuobs.com/revue/news/115155.shtmlhttp://www.secuobs.com/revue/news/115155.shtml 2009-06-30 05:27:41 - Hack In The Box : Hackers using Twitpic, a South Carolina service that lets people tradepictures via Twitter, posted fake reports that Britney Spears andother celebrities died over the weekend The problem did not directlyinvolve San Francisco-based Twitter, said Charleston, SC-basedTwitpic Inc on its company blog Monday Twitpic isn’t owned byTwitter “Yesterday we were made aware of a vulnerability with ouremail posting system,” the company said Hackers exploiting theproblem sent fake messages that Spears had “passed,” as well asreports that teenage singer Miley Cyrus was dead Last year hackersbroke into a YouTube account connected with Cyrus and put up a videosaying she’d been killedhttp://www.secuobs.com/revue/news/115134.shtmlhttp://www.secuobs.com/revue/news/115134.shtml 2009-06-30 05:17:46 - CGISecurity Website and Application Security News : "A legally blind Massachusetts phone hacker was sentenced Friday to over11 years in federal prison, following his guilty plea on computerintrusion and witness intimidation charges earlier this year MatthewWeigman, 19, was sentenced in Dallas by US District Judge BarbaraMG Lynn, according to the US Attorney’s Office therehttp://www.secuobs.com/revue/news/115119.shtmlhttp://www.secuobs.com/revue/news/115119.shtml 2009-06-30 04:51:28 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/115102.shtmlhttp://www.secuobs.com/revue/news/115102.shtml 2009-06-30 04:19:40 - News : Known as 'Little Hacker,' he'd use the 911 system to send SWAT teamsto victims' housesread moreIMAGEhttp://www.secuobs.com/revue/news/115078.shtmlhttp://www.secuobs.com/revue/news/115078.shtml 2009-06-30 00:22:45 - Security For All : Throughout my career as a software engineer and all around code monkey,I have been both denounced and applauded as a “hacker” In my currentposition, it is part of my duties to “think like a hacker” Clearlythere is a lot of confusion surrounding the term hacker Wikipedia hasthese definitions Hacker computer security, someone http://www.secuobs.com/revue/news/115027.shtmlhttp://www.secuobs.com/revue/news/115027.shtml 2009-06-29 19:52:05 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/114941.shtmlhttp://www.secuobs.com/revue/news/114941.shtml 2009-06-29 19:52:05 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/114940.shtmlhttp://www.secuobs.com/revue/news/114940.shtml 2009-06-29 19:52:05 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/114939.shtmlhttp://www.secuobs.com/revue/news/114939.shtml 2009-06-29 19:11:54 - MX Logic Security News : Hackers broke into the TwitPic accounts of Britney Spears, EllenDeGeneres and other celebrities to broadcast bogus information, theAssociated Press reportedThe hacked accounts were discovered Sunday after TwitPic, the largestservice for posting photographs to the micro-blogging site Twitter,noticed phony messages, including one that said Spears had diedTwitpic, which is not owned or affiliated with Twitter, said on itsTwitter feed that the company had "implemented a fix for the emailposting vulnerability"Hackers have increasingly hijacked user accounts on Facebook andTwitter to spread viruses and spam and to phish other users' accountinformationWeb security experts say phishing attacks on social networking sitesare up to 10 times more effective than those sent via emailA recent survey found that 30 percent of users of social networks hadbeen subject to cyberattacks Many users leave themselves open toattacks but publishing personal information that could be used foridentity theftAmong younger users, 51 percent use the same password on multiplesites and two-thirds share personal information that may compromiseonline privacy, the survey foundADNFCR-1765-ID-19241123-ADNFCRhttp://www.secuobs.com/revue/news/114870.shtmlhttp://www.secuobs.com/revue/news/114870.shtml 2009-06-29 16:35:11 - tmp lab : HSF 2009 is going on, with great meetings and presentations That’s apleasure to see such a forum taking place with that many talented etenergy giving people You can check the photos et videos on the HSF2009 wwwhackerspacenet websitehttp://www.secuobs.com/revue/news/114844.shtmlhttp://www.secuobs.com/revue/news/114844.shtml 2009-06-29 07:33:44 - Hack In The Box : File-sharers have been called many things throughout the years They’vebeen associated with “bikey gangs”, terrorists and crime networksto name a few While file-sharers have been named a number of thingsby the copyright industry and those that support them, that doesn’tmean they like being called these names A French Pirate Party memberhas decided to push back against the latest name, “Hacker group”If you catch the odd story here and there, there’s been quite a warof words over in France regarding file-sharing and the Pirate Partymovement Officials have suggested that sites like SnowTigers areprofit making machines Plenty of members refute the claims thatpeople pay money to access more content on private sites as one ofthe standards in private site design is not to sell access to content,though users can get VIP status for being a donator – donationsaren’t usually explicitly encouragedhttp://www.secuobs.com/revue/news/114731.shtmlhttp://www.secuobs.com/revue/news/114731.shtml 2009-06-28 10:06:57 - Computer Security News : The Government Communication Headquarters is recruiting computerhackers to defend Britain from cyber attacks enlarge Reformed computerhackers are being recruited by the Government to defend Britain frominternational crime gangs and terrorists plotting cyber attacks on thecountryhttp://www.secuobs.com/revue/news/114521.shtmlhttp://www.secuobs.com/revue/news/114521.shtml 2009-06-27 12:08:03 - Computer Security News : Harry Potter fans desperate for a sneak preview of the new film arebeing ripped off by hackershttp://www.secuobs.com/revue/news/114432.shtmlhttp://www.secuobs.com/revue/news/114432.shtml 2009-06-27 07:40:42 - Homeland Security News : Security chiefs are hiring teenage computer hackers to spearhead a waron cyber terrorists A crack team of web whizz-kids is being set up tofoil al-Qaeda internet-based attacks on the UK British spymastersfear terror groups, who already use the web to spread hate, aim totake it on as a http://www.secuobs.com/revue/news/114415.shtmlhttp://www.secuobs.com/revue/news/114415.shtml 2009-06-26 23:02:22 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/114269.shtmlhttp://www.secuobs.com/revue/news/114269.shtml 2009-06-26 19:16:05 - Threatpost Feed : As night follows day, malicious hackers are following high-profilenews around celebrity deaths to launch attacksAccording to a warning from the US Computer Emergency Response team,there are several spam campaigns, phishing attacks, and malicious codetargeting the recent deaths of Michael Jackson and Farrah Fawcetthttp://www.secuobs.com/revue/news/114165.shtmlhttp://www.secuobs.com/revue/news/114165.shtml 2009-06-26 19:03:35 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/114161.shtmlhttp://www.secuobs.com/revue/news/114161.shtml 2009-06-26 19:03:35 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/114159.shtmlhttp://www.secuobs.com/revue/news/114159.shtml 2009-06-26 18:17:13 - SecurityTube.Net : Hacker Commerce Episode 2 Video TutorialIMAGEhttp://www.secuobs.com/revue/news/114122.shtmlhttp://www.secuobs.com/revue/news/114122.shtml 2009-06-26 18:17:13 - SecurityTube.Net : Hacker Commerce Episode 3 Video TutorialIMAGEhttp://www.secuobs.com/revue/news/114121.shtmlhttp://www.secuobs.com/revue/news/114121.shtml 2009-06-26 18:11:55 - MX Logic Security News : Hackers sympathetic to Iran's ruling regime hijacked the University ofOregon website on Wednesday to redirect visitors to a site that saidthe regime "never cheated" in the disputed June 12 electionThe Associated Press reported that visitors to the university's websystem during a 90-minute window Wednesday were taken to an 89-wordpro-Iranian message that warned President Obama to stay out of IranianaffairsThe hackers used the university's network to send the message to APand others The message addressed the president as "Hey Stupid FlyCatcher Obama"Diane Saunders, spokeswoman for the university, told AP that thehackers were able to gain control of the site through third-partysoftware that had not been updated Saunders said the computers ofvisitors to the site were not compromisedRob Housman, executive director of the Cyber Secure Institute, aresearch and advocacy firm, said the hack highlighted how the UnitedStates is engaged in a "low-level conflict" across cyberspaceHousman said it reveals the extent to which US network security isinadequate"Consider the damage possible if the attackers weren't lesssophisticated Iranian protestors but the Chinese military'scyber-special-forces or the legions of Russian cyber-irregulars," hesaid ADNFCR-1765-ID-19238397-ADNFCRhttp://www.secuobs.com/revue/news/114117.shtmlhttp://www.secuobs.com/revue/news/114117.shtml 2009-06-26 07:31:43 - Hack In The Box : If you use RSS feeds, be advised that there may be hackers out there thatare taking control and redirecting users to spammer sites Accordingto an article on seroundtablecom there has been a rise in the numberof RSS feeds being hacked into lately Wordpress feeds were cited asone place where these feeds are being compromisedhttp://www.secuobs.com/revue/news/113968.shtmlhttp://www.secuobs.com/revue/news/113968.shtml 2009-06-26 07:31:43 - Hack In The Box : Great Britain has launched a new cyber security command center to helpcombat network intruders and forge offensive attacks againstopponents The country has hired a number of former hackers to helpstaff the new Cyber Security Operations Center, which will beginoperation in September “You need youngsters who are deep into thisstuff… If they have been slightly naughty boys, very often theyreally enjoy stopping other naughty boys,” said Lord West, who wasappointed Britain’s first cyber security ministerhttp://www.secuobs.com/revue/news/113967.shtmlhttp://www.secuobs.com/revue/news/113967.shtml 2009-06-26 03:25:57 - Computer Security News : Speaking at the World Conference on Disaster Management, onecyber-security consulting firm, said government and industry systemsare being compromised daily by cyber threats that are far more focusedand specific than in the pasthttp://www.secuobs.com/revue/news/113911.shtmlhttp://www.secuobs.com/revue/news/113911.shtml 2009-06-26 03:09:33 - Hack In The Box : Hackers on Wednesday crashed the website of the Brein foundation, a Dutchadvocacy group for the entertainment industry which just this weekfiled a lawsuit against the Swedish download site Pirate Bay Accordingto Tim Kuik of Brein the attack started hours after the foundationserved the owners of Pirate Bay, a Swedish site that allows people toillegally download movies, music and games, with summons to appearbefore a court in Amsterdam on July 21 The summons were sent overTwitter and Facebook because the foundation's lawyers had not beenable to physically locate the site's owners Brein wants Pirate Bayblocked for users in the Netherlandshttp://www.secuobs.com/revue/news/113900.shtmlhttp://www.secuobs.com/revue/news/113900.shtml 2009-06-26 02:48:37 - Technicalinfo.net Blog : Next week, in the run up to this years Hacker Halted USA 2009 conference,I'll be delivering a EC-Council webinar covering DIY MalwareConstruction The presentation covered the dynamics of building custommalware and making it undetectable to anti-virus - regardless ofsignature, heuristic or behavioral detection engines but eventuallyprotectable one the good-guy AV folks finally get a sample and developa dedicated signatureIf you've got the time, please join the webinar You can see a line upof past and future presentations hereWith regards to main conference event, well thats not until September23-25 down in Miami I'll be presenting on the topic of FactoringMalware into Web Application Design - which will of course be verycool :-IMAGEhttp://www.secuobs.com/revue/news/113890.shtmlhttp://www.secuobs.com/revue/news/113890.shtml 2009-06-25 22:33:36 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/113806.shtmlhttp://www.secuobs.com/revue/news/113806.shtml 2009-06-25 17:47:38 - Internet Security News : Users of online social networks may be more vulnerable to financial loss,identity theft and malware infection than they realize, according to anew survey from security software firm WebrootThe survey found two-thirds of respondents don't restrict any detailsof their profiles from being visible through a search engine likeGoogle and over half are not sure who can see their profileAbout one third include at least three pieces of personallyidentifiable information and more than one third use the same passwordfor multiple sites In addition, one quarter accept "friend requests"from strangers"The growth of social networks presents hackers with a huge targetThe amount of time spent on communities like Facebook last year grewat three times the rate of overall Internet growth," said MikeKronenberg, chief technology officer of Webroot's Consumer business"Three in ten people we polled experienced a security attack through asocial network in the past year, including identity theft, malwareinfection, spam, unauthorized password changes and 'friend indistress' money-stealing scams The first step to staying protected isbeing aware of what the threats are and knowing how to help preventthem"Cybercriminals use various types of trickery and malware to takeadvantage of risky behaviors One common tactic is phishing, whichhackers use to entice victims into downloading an infected file,visiting a risky site outside the social network, or wiring money to a"friend in distress"Webroot says in recent months it has seen an increase in these typesof attacks on social networks, including "Trojan-MyBlot," whichtargeted users of MyYearbookcom and others targeting Facebook users"Hackers lure users into taking actions they shouldn't by making itappear as if a friend within their social network has sent them amessage - only the message is from a hacker who's hijacked thefriend's account," continued Kronenberg"We've seen instances where a salacious yet poorly worded messagelike, 'This video of u is evrywhere' includes a link that, whenclicked, prompts the user to download a seemingly legitimate filewhich, once on your PC, can do a number of things -- spam yourfriends, monitor your online activity or record your personalinformation"IMAGEIMAGE IMAGE IMAGE IMAGE IMAGEhttp://www.secuobs.com/revue/news/113708.shtmlhttp://www.secuobs.com/revue/news/113708.shtml 2009-06-25 14:57:37 - Computer Security News : Britain is hiring former computer hackers to join a new security unitaimed at protecting cyberspace from foreign spies, thieves andterrorists, the country's terrorism minister saidhttp://www.secuobs.com/revue/news/113628.shtmlhttp://www.secuobs.com/revue/news/113628.shtml 2009-06-25 10:38:10 - Rootsecure.net : c|net: QetA - Adrian Lamo, the hacker philosopherhttp://www.secuobs.com/revue/news/113561.shtmlhttp://www.secuobs.com/revue/news/113561.shtml 2009-06-25 06:11:34 - Hack In The Box : For 90 minutes this morning, hackers upset with President Obama’s vocalstance on the disputed Iranian election made their voice known Amessage telling President Barack Obama to mind his own business andnot to comment on Iran’s election was posted A spokeswoman for theuniversity, Diane Saunders, said hackers allegedly broke through theschool’s computer defenses via a third-party software applicationthat had not been properly updated It afforded the hackers theability to access the computer and address the president in theunflattering way: “Hey Stupid Fly Catcher Obama”, according tothe APhttp://www.secuobs.com/revue/news/113480.shtmlhttp://www.secuobs.com/revue/news/113480.shtml 2009-06-24 22:20:54 - Computer Security News : After a "massive breach" jeopardized the personal information of 50million consumers, Attorney General Edmund G Brown Jrhttp://www.secuobs.com/revue/news/113333.shtmlhttp://www.secuobs.com/revue/news/113333.shtml 2009-06-24 21:00:34 - insanesecurity : A couple of days ago David The Great Melnichuk released The Hacker’sUnderground Handbook, ebook that comes as an aid for all those thatare starting just now in this domain Why this and not any otherintro/tutorial found on the web, you may ask Although the internet isthe biggest resource, finding useful information in http://www.secuobs.com/revue/news/113237.shtmlhttp://www.secuobs.com/revue/news/113237.shtml 2009-06-24 09:42:38 - Cheer10s Underground Syndicate : Source:http://wwwcreditfyicom/News/hacker-compromises-credit-union-system-123htmsecurity breach compromises personal secure dataIn this digital age, Americans are trying hard to remain vigilant andaware of their credit information to make sure that someone isn'tusing their account fraudulentlyHowever, sometimes there can be a data system breach, such as therecent hacking incident involving Suncoast Schools Federal CreditUnionAccording to an announcement on its website, "thousands of financialinstitutions and millions of cardholders" were affected — and not justSuncoast's customershttp://www.secuobs.com/revue/news/113034.shtmlhttp://www.secuobs.com/revue/news/113034.shtml 2009-06-24 04:51:35 - HolisticInfoSec.org : Those of you aspiring to proudly display your recently acquiredApplication Security Specialist certifications can rest comfortableknowing that the CafePress ASS Cert Online Store is protected byMcAfee Secure/Hacker Safe This is wonderful news as it guaranteesthat your transaction is safe while you purchase your favorite ASSCert products The store is offering ASS Hats, Office Attire, ASSGear, framed certificate tiles, and framed oath reminders for those ofyou who may forget:I will maintain my status as a Certified Application SupportSpecialist as proof of my knowledge and experienceWhile you're logged in, you can even make use of an added feature: anopen redirect that allows you direct internet traffic to anydestination of your choosingCheck it out hereEnjoy, and I expect to see all you Application Security Specialists tobe wearing your ASS Hats when I see you at defcondelicious | digg | Submit to SlashdotPlease support the Open Security Foundation OSVDBIMAGEhttp://www.secuobs.com/revue/news/112939.shtmlhttp://www.secuobs.com/revue/news/112939.shtml 2009-06-23 21:02:46 - CGISecurity Website and Application Security News : "Iran's foreign ministry spokesman accused the cable network CNN of"officially" training people to "hack government and foreign ministry"websites on Monday, citing a CNNcom article that explained howhackers were launching distributed denial-of-service DDOS attacks onIranian government sites "They officially trained the people to comeand hack Iran's governmenthttp://www.secuobs.com/revue/news/112838.shtmlhttp://www.secuobs.com/revue/news/112838.shtml 2009-06-23 19:57:31 - MX Logic Security News : Iran's foreign ministry spokesman accused the cable network CNN of"officially" training people to "hack government and foreign ministry"websites on Monday, citing a CNNcom article that explained howhackers were launching distributed denial-of-service DDOS attacks onIranian government sites"They officially trained the people to come and hack Iran's governmentwebsites," spokesman Hassan Qashqavi said during a press conference,according to CNNcom "This is a cyber war This, with, isn't it acyber war of the media with an independent government They askedpeople to use the DOS system to hack our websites"The network responded on its website Monday in a statement, callingthe accusations "completely false" and stating that "CNN is beholdento no government in its reporting"Some Iranians had been using Twitter to launch DDOS attacks on Iranianwebsites Richard Stiennon, a network security consult, said he hadseen messages on Twitter that included links that could directlylaunch DDOS attacks, which can overwhelm a website with repeatedrequestsMany commentators on Twitter and blogs are cautioning thatparticipating in cyberattacks could end up backfiring and hurtingIranian dissidents by slowing down or disabling the country's internetconnectionsOne Twitterer posted a message Monday that said: "Please, surgicallyhack bad sites in Iran, NO DDOS DDOS only harms freedom fighterbandwidth"ADNFCR-1765-ID-19231813-ADNFCRhttp://www.secuobs.com/revue/news/112765.shtmlhttp://www.secuobs.com/revue/news/112765.shtml 2009-06-22 20:02:11 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/112335.shtmlhttp://www.secuobs.com/revue/news/112335.shtml 2009-06-22 07:19:13 - The InfoSec Blog : A young colleague asked about the value of the CEH certification Wouldit “Add Value” to his existing CISSP The syllabus looked interestingto him and he wondered how prospective employers would view this Thiswas my reply: There are TEN domains to the CISSP’s CBK People come tosecurity from many walks of life http://www.secuobs.com/revue/news/112135.shtmlhttp://www.secuobs.com/revue/news/112135.shtml 2009-06-22 04:24:13 - Hack In The Box : Good hackers today are businesspeople, assessing each target for thesimplest and most profitable attack scenarios These days, there areprobably no plumper targets than enterprise databases Databases housecompanies' easiest-to-sell confidential data: customer lists, payrollrecords, and many other structured inventories of sensitiveinformation Database administrators tend not to be steeped insecurity practices, and the databases themselves are frequently tiedto Web applications that have turned out to be easy to hack In itsannual breach study, Verizon Business' computer forensics teamreported that databases made up 30% of data compromises in 2008Worse, database breaches accounted for 75% of all records reportedbreached Because sensitive information is often found in a singledatabase, a single breach can lead to major damagehttp://www.secuobs.com/revue/news/112124.shtmlhttp://www.secuobs.com/revue/news/112124.shtml 2009-06-22 04:24:13 - Hack In The Box : The Central Bank of Russia has issued a warning that websites haveappeared on the Internet that imitate those of several Russian creditorganizations, Lentaru reports The sites use addresses similar tothose of the organizations they imitate but provide false informationabout them The national bank warns that entering personal informationon those sites could lead to negative consequences for the client andthe bank To combat the false websites, the Central Bank has posted alist of correct Internet addresses for Russian banks on its websitehttp://www.secuobs.com/revue/news/112122.shtmlhttp://www.secuobs.com/revue/news/112122.shtml 2009-06-21 16:40:42 - Computer Security News : Former Home Secretary Jacqui Smith "chose to disregard" the impact ofa north London computer hacker's mental health problems when sheapproved his extradition to the US, an MP saidhttp://www.secuobs.com/revue/news/112028.shtmlhttp://www.secuobs.com/revue/news/112028.shtml 2009-06-21 02:24:12 - BadwareBusters.org Most recent topics : Hello,I have a small problem and am looking for a solution if any of yournice people are willing to help outMy Joomla website, wwwkatajhr is now classified as a malware site byGoogle It was attacked by hackers a few weeks ago and it was downafter that I managed to restore the site by overwriting an oldindexphp file that I had on my HDD but it is still classified byGoogle as malwaredCan anyone give me any tips about where to look for malicious codestringshttp://www.secuobs.com/revue/news/111979.shtmlhttp://www.secuobs.com/revue/news/111979.shtml 2009-06-20 19:40:39 - Rootsecure.net : Wired: TJX Hacker Was Awash in Cash; His Penniless Coder Faces Prisonhttp://www.secuobs.com/revue/news/111898.shtmlhttp://www.secuobs.com/revue/news/111898.shtml 2009-06-19 11:53:18 - toutcnis : Malmenée, la sécurité bancaire, ces derniers temps Avec, notamment, laréapparition de l’affaire des virus contaminant les DAB DistributeursAutomatiques de Billets Le sujet avait agité la presse mi-mars Ilvient récemment d’être complété par deux analyses techniques etfonctionnelles effectuées respectivement par Shevchenko de TreatExpertet Trustwave http://www.secuobs.com/revue/news/111504.shtmlhttp://www.secuobs.com/revue/news/111504.shtml 2009-06-19 11:33:38 - Risky Business : Tagline: Australian government Minister for the Digital Economy StephenConroy joins Risky Business Media URL:http://itradiocomau/security/wp-content/uploads/RB112mp3This week's show is a cracker -- we have a very special guest, SenatorStephen ConroyThe senator is Australia's Minister for Broadband, Communications andthe Digital Economy and I caught up with him in Sydney last week toget his take on what he feels the role of government is when it comesto IT securityForum Topic: Risky Business #112 -- Pollie wanna hacker Special guestSenator Stephen Conroyread morehttp://www.secuobs.com/revue/news/111498.shtmlhttp://www.secuobs.com/revue/news/111498.shtml 2009-06-19 07:56:47 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/111473.shtmlhttp://www.secuobs.com/revue/news/111473.shtml 2009-06-19 04:52:52 - Hack In The Box : Accused TJX hacker kingpin Albert Gonzalez called his credit card theftring “Operation Get Rich or Die Tryin” He spent $75,000 on abirthday party for himself and once complained that he had to manuallycount $340,000 in pilfered $20 bills because his counting machinebroke But while Gonzalez apparently lived high off ill-gotten gains,a programmer who claims he earned nothing from the scheme sits brokeand unemployed, his career in shambles, while awaiting sentencing fora piece of software he crafted for his friend These and other newdetails have emerged in court documents filed in the case of25-year-old Stephen Watt, a minor participant in what the feds arecalling “the largest identity theft in our Nation’s history”http://www.secuobs.com/revue/news/111442.shtmlhttp://www.secuobs.com/revue/news/111442.shtml 2009-06-19 00:34:18 - News : "The dog ate my homework" is a classic excuse of students everywhereto avoid bad grades -- but how about "the teachers couldn't inputtheir grades into the computer"read moreIMAGEhttp://www.secuobs.com/revue/news/111362.shtmlhttp://www.secuobs.com/revue/news/111362.shtml 2009-06-19 00:22:44 - Office of Inadequate Security : Kim Zetter has a nice human-interest piece over on Threat Level aboutthose involved in the TJX hack: Accused TJX hacker kingpin AlbertGonzalez called his credit card theft ring “Operation Get Rich or DieTryin” He spent $75,000 on a birthday party for himself and oncecomplained that he had to manually count $340,000 in pilfered http://www.secuobs.com/revue/news/111353.shtmlhttp://www.secuobs.com/revue/news/111353.shtml 2009-06-18 22:14:07 - Security for the Masses : The AP is reporting that the need for the hacker mind is drivingrecruiting in jihadist movements around the world According to thearticle:"A senior defense official said intelligence reports indicateextremist groups are seeking computer experts, including those capableof breaching government or other sensitive network systemsThe official, who spoke on condition of anonymity to discuss sensitiveinformation, said the extent and success of those recruiting effortsare unclear"Read more at the APIMAGEhttp://www.secuobs.com/revue/news/111323.shtmlhttp://www.secuobs.com/revue/news/111323.shtml 2009-06-18 18:04:15 - MX Logic Security News : Justices for the UK High Court have agreed to hear on July 14th anapplication for a judicial review of the extradition of Britishnational Gary McKinnon, who has confessed to hacking the networks ofthe US military and NASA, according to ZDNet UKAttorneys for McKinnon have been fighting his extradition to the US,saying that sending McKinnon to the US to face trial could result inhim committing suicide because of his mental illnessMcKinnon, the 42-year-old man who US authorities say compromised thenetwork security of the Army, Air Force, Navy and NASA and causedclose to $1 million in damages, was diagnosed last August withAsperger's syndrome, a type of autismHis attorney, family and supporters say he should be tried in the UKand contend his diagnosis was not properly considered by the former UKhome secretary who ordered his extradition in OctoberThe National Autistic Society, a UK advocacy group, has petitioned theBritish government to keep McKinnon in the UK, based on his conditionHe could face up to 70 years in prison in the US if found guiltyMcKinnon reportedly said he was searching high-security networks forevidence of extraterrestrial lifeADNFCR-1765-ID-19225634-ADNFCRhttp://www.secuobs.com/revue/news/111211.shtmlhttp://www.secuobs.com/revue/news/111211.shtml 2009-06-18 01:51:58 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/110988.shtmlhttp://www.secuobs.com/revue/news/110988.shtml 2009-06-18 01:51:58 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/110986.shtmlhttp://www.secuobs.com/revue/news/110986.shtml 2009-06-17 13:16:07 - toutcnis : Depuis que cette publication s’est occultée*, le magazine Phrack necesse de renaître de ses cendres Si cet ouvrage n’est plus vraimentla « référence » en matière de création d’exploits et de recherchepure en sécurité informatique, c’est toujours une publication quiséduit par son éclectisme, parfois par la qualité de ses articles devulgarisation, toujours par la distance et la dérision qui se dégagede chacune des contributions http://www.secuobs.com/revue/news/110641.shtmlhttp://www.secuobs.com/revue/news/110641.shtml 2009-06-17 13:16:07 - toutcnis : Après une très nette baisse vers la fin des années 80, le phreacking etactivités téléphoniques plus ou moins douteuses paraissent repartir deplus belle Brian Krebs, du Washington Post, raconte l’histoire de cestrois pirates Philippins qui ont, pendant plus de trois ans, détournéà leur profit plus de 2500 PBX situés aux USA, au Canada, en Australieet en Europe Trop souvent, ces équipements téléphoniques d’entreprisesont mal configurés, et il n’est pas très compliqué de découvrir quebon nombre d’entre eux utilisent encore les « mots de passe par défaut» http://www.secuobs.com/revue/news/110639.shtmlhttp://www.secuobs.com/revue/news/110639.shtml 2009-06-17 12:19:15 - Security Bloggers Network : A presentation that I will be keenly interested to see at Black Hat thisyear involves some iPhone hacking fun with Charles Miller and VincenzoIozzo From Technology Review: Now two researchers hope to make thingsconsiderably easier for would-be iPhone hackers Next month, CharlesMiller, a principal analyst at Independent Security Evaluators, andVincenzo Iozzo, a http://www.secuobs.com/revue/news/110628.shtmlhttp://www.secuobs.com/revue/news/110628.shtml 2009-06-17 04:48:20 - Hack In The Box : Cyber technology has fast evolved into a weapon with lethal potential, somuch so major nations are pumping billions of dollars into upgradingdefense systems to make them digital fortresses But while the UnitedStates has put the danger of cyber attacks at the top of its nationalsecurity agenda along with the nuclear threat, defense analysts havewarned China's lack of preparation against digital terrorism has leftthe country "extremely vulnerable" "In the age of information, anation's security would be at serious risk if its information systemswere attacked, or the flow of information were interrupted," saidProfessor Yu Xiaofeng, a specialist in non-traditional security atZhejiang University in Hangzhouhttp://www.secuobs.com/revue/news/110567.shtmlhttp://www.secuobs.com/revue/news/110567.shtml 2009-06-17 04:07:01 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/110543.shtmlhttp://www.secuobs.com/revue/news/110543.shtml 2009-06-16 23:54:12 - Browse Privacy Security Addons for Firefox : Ad Hacker shows you which advertisers and publishers are following youaround the Internet Developers can see details about Javascripts,beacons, and other web bugs Write your own rules for finding bugs inXML, or visit http://rulesadhackercom/http://www.secuobs.com/revue/news/110465.shtmlhttp://www.secuobs.com/revue/news/110465.shtml 2009-06-16 23:24:31 - Security Bloggers Network : "A URL-shortening service that condenses long Web addresses for use onmicro-blogging sites like Twitter was hacked over the weekend, sendingmillions of users to an unintended destination, a security researchersaid today After Cligs, a rival to the better known TinyURL andbitly shortening services, was attacked Sunday, more thanhttp://www.secuobs.com/revue/news/110444.shtmlhttp://www.secuobs.com/revue/news/110444.shtml 2009-06-16 23:21:29 - News : A week after the release of the Palm Pre, hackers are eagerlydissecting and sifting through the webOS software that powers itread moreIMAGEhttp://www.secuobs.com/revue/news/110430.shtmlhttp://www.secuobs.com/revue/news/110430.shtml 2009-06-16 20:42:11 - Rootsecure.net : Technology Review: iPhone Hackers Get a Breakhttp://www.secuobs.com/revue/news/110395.shtmlhttp://www.secuobs.com/revue/news/110395.shtml 2009-06-16 20:42:11 - Rootsecure.net : eWeek: Hacker Hits URL Shortening Service Cligs "The attack redirected22 million of the miniature URLs to a single URL"http://www.secuobs.com/revue/news/110393.shtmlhttp://www.secuobs.com/revue/news/110393.shtml 2009-06-16 19:10:45 - Latest articles from SC Magazine US : Political unrest resulting from the presidential election in Iran hasescalated to a cyberwar between the Iranian government and activists,according to security experts monitoring the situationIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/110290.shtmlhttp://www.secuobs.com/revue/news/110290.shtml 2009-06-16 05:02:46 - Computer Security News : That's right, a group of hackers wants to stay on good terms with thecompany that makes the device they're hacking Palm appears to begiving tacit approval to groups trying to hack the Palm Pre and Palm'snew handset operating system, WebOShttp://www.secuobs.com/revue/news/110109.shtmlhttp://www.secuobs.com/revue/news/110109.shtml 2009-06-16 03:24:47 - Latest articles from SC Magazine US : Political unrest resulting from the presidential election in Iran hasescalated to a cyberwar between the Iranian government and activists,according to security experts monitoring the situationIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/110031.shtmlhttp://www.secuobs.com/revue/news/110031.shtml 2009-06-15 20:49:56 - Reverse Engineering Mac OS X : Hello, If you want to have some fun and maybe improve yoursecurity/reversing skills, you might try this sitehttp://wwwdareyourmindnet It has some nice challenges in differentfields reversing is only for Windows, but hey you must be able toreverse for anything Have fun http://www.secuobs.com/revue/news/109904.shtmlhttp://www.secuobs.com/revue/news/109904.shtml 2009-06-15 20:44:35 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/109890.shtmlhttp://www.secuobs.com/revue/news/109890.shtml 2009-06-15 20:44:35 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/109888.shtmlhttp://www.secuobs.com/revue/news/109888.shtml 2009-06-15 20:44:35 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/109887.shtmlhttp://www.secuobs.com/revue/news/109887.shtml 2009-06-15 16:36:15 - Office of Inadequate Security : Gina Morris of Providence Journal reports: One day last August, theSecret Service paid a visit to the new owners of Custom House Coffeeoff West Main Road The news they brought was bad: Computer hackers,whereabouts unknown, had used sophisticated spy software to break intothe store’s wireless network and steal the credit and debit card http://www.secuobs.com/revue/news/109792.shtmlhttp://www.secuobs.com/revue/news/109792.shtml 2009-06-15 14:20:32 - Security Database Tools Watch : Process Hacker is a feature-packed tool for manipulating processes andservices on your computer It can show you the threads with symbols,modules, memory regions, handles and token of processes It hasdetailed graphs that show CPU usage, memory usage and I/O activity Itcan even change the DEP status of some processes and protect/unprotectthemProcess Hacker can read/write memory using a built-in hex editor andsearch through memory It has a powerful run-as tool that can run - Security Tools / Enumeration, Forensics, Process HackerIMAGEIMAGE IMAGE IMAGEIMAGEhttp://www.secuobs.com/revue/news/109750.shtmlhttp://www.secuobs.com/revue/news/109750.shtml 2009-06-15 12:49:15 - Computer Security News : Security experts have discovered two new pieces of malware targetingApple computers, putting paid to the company's claims that Mac usersdo not have to worry about viruses and security softwarehttp://www.secuobs.com/revue/news/109738.shtmlhttp://www.secuobs.com/revue/news/109738.shtml 2009-06-15 12:41:23 - ISN InfoSec News Mailing List : InfoSec News: Shen Hacker Does It Again:http://wwwnorthcountrygazetteorg/2009/06/12/shen_hacker/North Country Gazette June 12, 2009CLIFTON PARK - A 16-year-old sophomore at Shenendehowa High School whohacked into the school’s computer system last fall has been arrestedfor doing the same thing again http://www.secuobs.com/revue/news/109734.shtmlhttp://www.secuobs.com/revue/news/109734.shtml 2009-06-15 12:41:23 - ISN InfoSec News Mailing List : InfoSec News: Whitehall plans new cyber security centre to deter foreignhackers:http://wwwguardiancouk/technology/2009/jun/14/government-security-cyber-crime-hackingBy David Hencke Westminster correspondent guardiancouk 14 June 2009A national cyber security centre to combat the growing threat ofcriminal gangs and foreign states hacking into Whitehall and big http://www.secuobs.com/revue/news/109729.shtmlhttp://www.secuobs.com/revue/news/109729.shtml 2009-06-15 04:59:05 - Computer Security News : An Italian magistrate has issued an international arrest warrant for aFilipino hacker suspected of causing millions of dollars of losses totelecommunications multinationals, and Italian police have arrestedfive Pakistani nationals accused of exploiting the hacker's work todefraud the telecom companies, officials in the northern city ofBrescia http://www.secuobs.com/revue/news/109682.shtmlhttp://www.secuobs.com/revue/news/109682.shtml 2009-06-15 04:44:08 - Hack In The Box : According to Websense an Internet security company, the website of'Popular Holding,' a local stationery and book store in Singapore, washacked on June 6, 2009 The researchers at Websense state that hackersinjected harmful code into the site's homepage The obfuscatedJavaScript code diverted users to an attack site that employed anIframe similar to the Gumblar attacks Websense identified this attacksite as Karlastcom, and shortly later suptullogcom However,following the incident, the attack site was no longer allowed tooperate, said the company Websense added that Popular Holding hadbeen made aware of the incident Acknowledging the receipt of thenotification on the same day of the attack, Marketing Manager Lynn Leeof Popular Holding stated that they immediately addressed the problem,as reported by ZDNet Asia on June 8, 2009http://www.secuobs.com/revue/news/109670.shtmlhttp://www.secuobs.com/revue/news/109670.shtml 2009-06-15 04:44:08 - Hack In The Box : Researchers from net security company Websense warn that a particularsection of the MSN Canada website has fallen victim to hackers whoinjected rogue code into a page used for redirection The code isobfuscated and loads content from a domain associated with malwaredistribution The msnca website redirects to sympaticomsnca, aportal operated by Bell Canada, known for its Internet serviceprovider called Bell Internet, formerly Sympatico, and Microsoft"Canada's most popular Internet destination," as the website claims ofitself, offers all online services available on any MSN portal Whilesurfing the website with a packet inspection program on, Jay Liewnoticed some strange activity when trying to accesscinemasympaticomsnca The index page on this subdomain is set toredirect users to divertissementsympaticomsnca/Cinema/ via aLocation HTTP header This is also the place where the hackers choseto hide their payloadhttp://www.secuobs.com/revue/news/109669.shtmlhttp://www.secuobs.com/revue/news/109669.shtml 2009-06-14 21:42:22 - Rootsecure.net : The iPhone Blog: Hackers Hack Applecom Online Store to Buy iPhone 3G SSans ATetT Contracthttp://www.secuobs.com/revue/news/109549.shtmlhttp://www.secuobs.com/revue/news/109549.shtml 2009-06-14 11:53:29 - Rootsecure.net : Network World: International telecom hacker group busted "Global lawenforcement team takes down alleged authors of $55M-plus scam"http://www.secuobs.com/revue/news/109460.shtmlhttp://www.secuobs.com/revue/news/109460.shtml 2009-06-13 11:25:06 - Rootsecure.net : Lifehacker: Google Wave Questions and Answershttp://www.secuobs.com/revue/news/109353.shtmlhttp://www.secuobs.com/revue/news/109353.shtml 2009-06-13 11:21:59 - Network World on Security : Three people were indicted in the US and five were arrested in Italy inconnection with a hacking scheme to steal telecom access codes fromthousands of companies around the worldhttp://www.secuobs.com/revue/news/109348.shtmlhttp://www.secuobs.com/revue/news/109348.shtml 2009-06-12 21:57:40 - News : An Italian magistrate has issued an international arrest warrant for aFilipino hacker suspected of causing millions of dollars of losses totelecommunications multinationals, and Italian police have arrestedfive Pakistani nationals accused of exploiting the hacker's work todefraud the telecom companies, officials in the northern city ofBrescia said Fridayread moreIMAGEhttp://www.secuobs.com/revue/news/109174.shtmlhttp://www.secuobs.com/revue/news/109174.shtml 2009-06-12 19:34:02 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/109128.shtmlhttp://www.secuobs.com/revue/news/109128.shtml 2009-06-12 04:53:26 - Hack In The Box : World War III will be fought with computers, a former Homeland SecurityIT chief is warning In fact, he said, preliminary salvos are alreadyunderway Steven Cooper said foreign hackers are using automatedprograms to ping networks that control critical infrastructure such asbridges, dams, and nuclear plants—as well as systems that run theDepartment of Homeland Security itself—literally millions of timesper day in an effort to break in "If there's World War III, it willbe waged in cyberspace," said Cooper, who spoke this week at PaceUniversity's Leadership and Service In Technology Award reception indowntown Manhattan Pace tapped Viacom CIO Joe Simon as this year'swinner Simon spoke only briefly, while Cooper delivered the keynotehttp://www.secuobs.com/revue/news/108899.shtmlhttp://www.secuobs.com/revue/news/108899.shtml 2009-06-12 04:53:26 - Hack In The Box : Inside the Mercury Café, a sprawling art studio of a coffee shop onChicago Avenue, a dozen or so 20-somethings wearing jeans and darkt-shirts huddled Friday evening around a futuristic contraption riggedto the forehead of a young woman with close-cropped blue hair Thewoman tensed her jaw imperceptibly as she stared intently at a laptopcomputer open on a table Her companions watched over her shoulder andjoked about the anachronism unfolding on the monitor — a bout of“Pong,” the classic 1970s arcade game, with one crucialdistinction: She was controlling it with her brain waves,communicating with the computer through the OCZ-NIA — otherwiseknown as neural-impulse actuator — anchored to her forehead Shesquinted at the pair of retro-animated vertical lines oscillatingonscreen, a digital blip bouncing between them This is what hackinglooks like todayhttp://www.secuobs.com/revue/news/108897.shtmlhttp://www.secuobs.com/revue/news/108897.shtml 2009-06-12 01:52:51 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/108796.shtmlhttp://www.secuobs.com/revue/news/108796.shtml 2009-06-12 01:52:51 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/108795.shtmlhttp://www.secuobs.com/revue/news/108795.shtml 2009-06-12 01:52:51 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/108794.shtmlhttp://www.secuobs.com/revue/news/108794.shtml 2009-06-11 23:20:09 - Kellep Charles Information Security Blog Space : Hacker Halted USA Conference to Offer Complimentary Security Trainingworth $599 to All DelegatesUnique opportunity for attendees of information security conference inMiami to attend specially designed one-day training workshops coveringsome of the most popular security topicsAttendees of Hacker Halted USA 2009, a world-class informationsecurity conference to be hosted in Miami, Florida, from September 23– 25, will be entitled to attend one of three security workshops ledby EC-Council Master Instructors These one-day workshops will coverthree of the most popular security topics, namely Identifying Threatsand Deploying Countermeasures; Principles of Incident Handling; andExposing Virtualization Security Threats Read MoreLink:http://wwwhackerhaltedcom/NewsCenter/HackerHaltedUpdates/BreakingNewsJune10/tabid/167/DefaultaspxIMAGEhttp://www.secuobs.com/revue/news/108725.shtmlhttp://www.secuobs.com/revue/news/108725.shtml 2009-06-11 14:05:52 - ZATAZ News : Exclusif : Fin avril, un internaute du nom de Hacker Croll diffuse lespreuves de sa visite dans les petits secrets du site communautaireTwitter ZATAZCOM a rencontré ce visiteur pas comme les autreshttp://www.secuobs.com/revue/news/108481.shtmlhttp://www.secuobs.com/revue/news/108481.shtml 2009-06-11 11:32:58 - Rootsecure.net : BBC News: China's computers at hacking risk "Every PC in China could beat risk of being taken over by malicious hackers because of flaws incompulsory government software"http://www.secuobs.com/revue/news/108431.shtmlhttp://www.secuobs.com/revue/news/108431.shtml 2009-06-10 19:47:44 - Information Security Resources : From The Internet Security Alliance Virtual-machine exploit letsattackers take over host; T-Mobile confirms stolen data is genuine;Webhost hack wipes out data for 100,000 sites; Texas DPS trying tocatch up after virus, new designhttp://www.secuobs.com/revue/news/108101.shtmlhttp://www.secuobs.com/revue/news/108101.shtml 2009-06-10 08:11:36 - Computer Security News : A Not so today A With modern integrated operations,A offshore-onshorecontact is transparent and may of the processes out on the platformare controlled by onshore personnel via networked PCshttp://www.secuobs.com/revue/news/107853.shtmlhttp://www.secuobs.com/revue/news/107853.shtml 2009-06-10 03:01:55 - Hack In The Box : In a sparsely decorated office suite two floors above a neighborhood ofstrip malls and car dealerships, former oncologist Douglas Jackson isstruggling to resuscitate a dying dream Jackson, 51, is the maverickfounder of E-Gold, the first-of-its-kind digital currency that wasonce used by millions of people in more than a hundred countriesToday the currency is barely alive Stacks of cardboard evidence boxesin the office, marked “US Secret Service,” help explain why, asdoes the pager-sized black box strapped to Jackson’s ankle: atracking device that tells his probation officer whenever he leaves orenters his home “It’s supposed to be jail,” he says “Onlyit’s self-administered”http://www.secuobs.com/revue/news/107777.shtmlhttp://www.secuobs.com/revue/news/107777.shtml 2009-06-09 22:21:10 - Computer Security News : A British computer hacker at the centre of the biggest data breach inUS government history will take his fight against extradition to theHigh Court in Londonhttp://www.secuobs.com/revue/news/107664.shtmlhttp://www.secuobs.com/revue/news/107664.shtml 2009-06-09 21:39:32 - TorrentFreak : With more than million searches each day NowTorrents is one of thelarger torrent search engines on the Internet The site has grownsteadily during recent months, and everything was looking great untila few hours ago, when the owner lost its domain The domain washijacked and parked on an account at the popular registrar GoDaddyWith more than million searches each day NowTorrents is one of thelarger torrent search engines on the Internet The site has grownsteadily during recent months, and everything was looking great untila few hours ago, when the owner lost its domain The domain washijacked and parked on an account at the popular registrar GoDaddyhttp://www.secuobs.com/revue/news/107624.shtmlhttp://www.secuobs.com/revue/news/107624.shtml 2009-06-09 19:49:30 - Network World on Security : NASA hacker Gary McKinnion is launching another legal battle in a bid toavoid extradition to the UShttp://www.secuobs.com/revue/news/107592.shtmlhttp://www.secuobs.com/revue/news/107592.shtml 2009-06-09 19:12:11 - Security Bloggers Network : "The information posted over the weekend by hackers who claimed to havehacked T-Mobile is legit, T-Mobile now says But, it's not clear thatthe hackers have the full access to T-Mobile systems they claim OnSaturday, hackers posted what appear to be logfiles taken fromT-Mobile's networks to the Fullhttp://www.secuobs.com/revue/news/107553.shtmlhttp://www.secuobs.com/revue/news/107553.shtml 2009-06-09 17:04:07 - CGISecurity Website and Application Security News : "The information posted over the weekend by hackers who claimed to havehacked T-Mobile is legit, T-Mobile now says But, it's not clear thatthe hackers have the full access to T-Mobile systems they claim OnSaturday, hackers posted what appear to be logfiles taken fromT-Mobile's networks to the Fullhttp://www.secuobs.com/revue/news/107489.shtmlhttp://www.secuobs.com/revue/news/107489.shtml 2009-06-09 16:48:19 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/107475.shtmlhttp://www.secuobs.com/revue/news/107475.shtml 2009-06-09 16:48:19 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/107472.shtmlhttp://www.secuobs.com/revue/news/107472.shtml 2009-06-09 16:38:43 - Information Security Resources : Excerpts From The Register A large internet service provider said datafor as many as 100,000 websites was destroyed by attackers whotargeted a zero-day vulnerability in a widely-used virtualizationapplicationhttp://www.secuobs.com/revue/news/107471.shtmlhttp://www.secuobs.com/revue/news/107471.shtml 2009-06-09 16:25:24 - MX Logic Security News : Unknown hackers claiming to have breached the servers of wirelesscompany T-Mobile are seeking a ransom for the stolen data T-Mobileconfirmed in a statement on Monday that a data breach had occurredT-Mobile said the company identified the document from whichinformation was copied and believe possession of the data, which wasposted Saturday on a website called Full Disclosure, "is not enough tocause harm to our customers"The hackers posted a list of IP addresses and secure locations,according to a network security expert, who said the posted datasuggested a "serious attack," according to InformationWeekIn a note on the Full Disclosure site, the mystery hacker or hackerssaid they would sell the data, which they claimed includes T-Mobile's"databases, confidential documents, scripts and programs from theirservers and financial documents up to 2009"The hackers said they had offered to sell the confidential data toT-Mobile's competitors, but "they didn't show interest in buying theirdata - probably because the mails got to the wrong people - so now weare offering them for the highest bidder"In its statement to various IT security news websites, T-Mobile saidit was investigating the data breach and could not disclose anyfurther information so as to protect the integrity of theinvestigationT-Mobile said it would inform customers "if there is any evidence thatcustomer information has been compromised"ADNFCR-1765-ID-19209909-ADNFCRhttp://www.secuobs.com/revue/news/107436.shtmlhttp://www.secuobs.com/revue/news/107436.shtml 2009-06-09 14:54:23 - Reverse Engineering : submitted by mcolink 1 commenthttp://www.secuobs.com/revue/news/107397.shtmlhttp://www.secuobs.com/revue/news/107397.shtml 2009-06-09 12:42:23 - Computer Security News : A British hacker who broke into the computer systems of Nasa and theUS Navy is renewing his legal fight against extraditionhttp://www.secuobs.com/revue/news/107333.shtmlhttp://www.secuobs.com/revue/news/107333.shtml 2009-06-09 03:32:44 - Hack In The Box : A recently released report on data breaches indicates that organizedcrime has fueled a big increase in the hacking of records of banks andother financial service providers The report says thieves arebecoming increasingly successful at stealing PIN numbers that allowthem to drain cash from cardholders’ checking, savings or brokerageaccounts The 2009 Data Breach Investigations Report is based onfirsthand evidence collected during breach investigations conducted byVerizon Business A total of 285 million electronic records werebreached in 2008—more than the previous four years combined—withbanks and brokerages accounting for 93 percent of the compromisedrecords “Financial services firms were singled out and fell victimto some very determined, very sophisticated and—unfortunately--verysuccessful attacks,” the report noteshttp://www.secuobs.com/revue/news/107235.shtmlhttp://www.secuobs.com/revue/news/107235.shtml 2009-06-09 03:32:44 - Hack In The Box : Most of the time when you read stories about the much reviled Chinesehacker it's in the context of some cyberattack perpetrated on somewebsite that has stupidly dared to hurt the feelings of the Chinesepeople But really, what are Chinese hackers doing most of the time:well, duh, same thing everybody else is: trying to make some moolahBut how much money we hear the anxious parents of deadbeat teenagerssay Well, we recently came across an article about a 17 year-oldhacker that could make 50K RMB/month And the hacker interviewed forthat article claims that this is only an "average" amount Hackers,the bulk of whom in China seem to be based only on anecdotalevidence between the ages of 17 and 35, work both as individuals andin "teams", offshoots of their hacker societies and networks that havebecome increasingly commercialized and profit-orientedhttp://www.secuobs.com/revue/news/107229.shtmlhttp://www.secuobs.com/revue/news/107229.shtml 2009-06-09 03:26:21 - Cheer10s Underground Syndicate : By Matthew ShaerSouce:http://featurescsmonitorcom/innovation/2009/06/08/hackers-claim-to-have-hit-t-mobile-is-user-data-being-held-ransom/Is it a hoax T-Mobile, the mobile network operator, isn’t sayingBut on Saturday, an anonymous hacker announced that T-Mobile “has beenowned for some time We have everything, their databases, confidentalsic documents, scripts and programs from their servers, financialdocuments up to 2009” The hacker first aired the claim oninsecureorg, an online reference guide which publishes “low-levelpacket crafting methods used by advanced hackers,” according to adescription posted on the sitehttp://www.secuobs.com/revue/news/107217.shtmlhttp://www.secuobs.com/revue/news/107217.shtml 2009-06-09 03:26:21 - Cheer10s Underground Syndicate : Source: http://wwwsciencedailycom/releases/2009/06/090608143659htmScienceDaily June 8, 2009 — Oil company data security is inadequate,and production systems are at risk of attack by hackers, viruses andwormsOnce upon a time, offshore platforms were secure communities in whichproduction was controlled by closed processes that were isolated fromthe external world Today, the picture is somewhat different: in whatare known as “inte3grated operations”, offshore-onshore contact istransparent and may of the processes out on the platform arecontrolled by onshore personnel via networked PCsAlthough this has several advantages, one disadvantage is a fall ininformation security When onshore and offshore networks are linkedtogether, the chances of attacks by viruses and hackers increasehttp://www.secuobs.com/revue/news/107216.shtmlhttp://www.secuobs.com/revue/news/107216.shtml 2009-06-09 02:55:50 - Security Bloggers Network : I think a significant portion of hackers lie somewhere in theschizophrenic spectrum Oddly this is good for them, and bad news forus Over the course of evolution, genetic anomalies have emerged thatwalk a fine line between being productive and being dangerous Forinstance, mild versions of cystic fibrosis can protect against choleraby preventing the dehydration of the lungs People in certain regionsdefend against malaria with sickle-cell anemia, and its generallybelieved those with Tay-Sachs disease have a natural defense againsttuberculosis These traits continue to be bred into successivegenerations because the mild versions carryhttp://www.secuobs.com/revue/news/107198.shtmlhttp://www.secuobs.com/revue/news/107198.shtml 2009-06-09 02:38:02 - Latest articles from SC Magazine US : Jeff Moss, a former hacker who founded the Black Hat and DEFCONconferences, was one of 16 people appointed to the US Department ofHomeland Security Advisory CouncilIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/107187.shtmlhttp://www.secuobs.com/revue/news/107187.shtml 2009-06-08 22:51:59 - Rootsecure.net : Network World: T-Mobile net reportedly hit by hacker/extortion attackhttp://www.secuobs.com/revue/news/107146.shtmlhttp://www.secuobs.com/revue/news/107146.shtml 2009-06-08 22:04:30 - Latest articles from SC Magazine US : T-Mobile has yet to release details about an alleged massive hack of itssystemsIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/107092.shtmlhttp://www.secuobs.com/revue/news/107092.shtml 2009-06-08 17:40:23 - Security Bloggers Network : Two years ago, Germany passed a law that criminalized the making anddistribution of security tools Although it was an attempt toimplement a part of the COE Treaty into German law, it completelymissed the intended purpose and hurt legitimate security researchLooking back, noone has been prosecuted under this law and it onlyscared whitehat hackers or companies to move their tools outside ofGermanyRead the following article from theregistercouk which has some gooddetails on itAbstract: While we can empathize with the desire to keep hackertools out of the hands of script kiddies who intend harm, and keepblack hat hackers from developing and distributing ever moresophisticated hacker tools and zero day attacks, the problemremains that these same tools can be and are used for goodpurposes by good people While the statute attempts to focus onbad people with bad intent, it lacks the precision to do soRelated posts:* German law vs Security Tools: The fallout* New German "anti-hacker" lawPhoto under creative commons from Chris Daniel's photostreamIMAGEIMAGEIMAGE IMAGE IMAGE IMAGE IMAGEIMAGEIMAGE IMAGE IMAGEIMAGE IMAGE IMAGEhttp://www.secuobs.com/revue/news/106975.shtmlhttp://www.secuobs.com/revue/news/106975.shtml 2009-06-08 17:23:42 - MX Logic Security News : Jeff Moss, founder of the Black Hat and DefCon computer hackerconferences, was among those named to the Department of HomelandSecurity Advisory Council Friday by secretary Janet NapolitanoMoss, who has also worked in IT security for Ernst et Young, has goneby the hacker handle Dark Tangent"I always figured that because of my associations in the past that Iwould be kind of out of the running for anything like this," Moss toldthe Threat Level blog on Wiredcom "To me it shows that they'rereally looking for fresh perspectives"Moss, 39, will serve on the advisory council with distinguishedsecurity and law enforcement professionals including former senatorGary Hart, former FBI director Louis Freeh, New York policecommissioner Raymond Kelly and 9/11 commission member Lee HamiltonThe announcement came Friday as Napolitano spoke to a gathering ofpolice and elected officials about the government's counternarcoticsplan for Southwest border states, which was streamed live to localintelligence sharing "fusion centers" throughout the Southwest"As we work to fulfill the department's core mission of securing thecountry against the many threats it faces, the unique insights andexpertise of this diverse council will be a valuable resource,"Napolitano saidADNFCR-1765-ID-19207597-ADNFCRhttp://www.secuobs.com/revue/news/106957.shtmlhttp://www.secuobs.com/revue/news/106957.shtml 2009-06-08 09:32:13 - Rootsecure.net : Wired: Hacker Dark Tangent Joins DHS Advisory Councilhttp://www.secuobs.com/revue/news/106864.shtmlhttp://www.secuobs.com/revue/news/106864.shtml 2009-06-08 07:12:57 - Homeland Security News : Forget the new cyber security czar position that President Barack Obamaannounced last week The real sign that the White House might befinally taking cyber security seriously came in an announcement onFriday that Jeff Moss, aka “Dark Tangent” and the former hacker behindthe annual DefCon hacker confab in http://www.secuobs.com/revue/news/106850.shtmlhttp://www.secuobs.com/revue/news/106850.shtml 2009-06-08 07:08:44 - Hack In The Box : Gone are the days when the innocuous social networking site, Orkut, wasused as a common platform for liaisoning between friends, age no barHowever, many unscrupulous users have now hacked and misused the sitemainly to harass their rivals or plain mischief mongering Recentlycyber experts of the city have registered many cases of orkut profilehacking "I have been getting over five calls daily, mainly complaintsabout orkut profiles being hacked and I have solved almost all suchcases," said a city-based cyber expert, who wanted to remainincognito, while talking to DNA The expert further said that in mostof these cases, the motive behind hacking was seen to be harassment onthe victim - known or otherwisehttp://www.secuobs.com/revue/news/106841.shtmlhttp://www.secuobs.com/revue/news/106841.shtml 2009-06-08 07:08:44 - Hack In The Box : From the Full Disclosure mailing list: Hello world, The US T-Mobilenetwork predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band,making it the largest 1900 MHz network in the United States Serviceis available in 98 of the 100 largest markets and 268 millionpotential customers Like Checkpoint Tmobile has been owned for sometime We have everything, their databases, confidental documents,scripts and programs from their servers, financial documents up to2009 We already contacted with their competitors and they didn't showinterest in buying their data -probably because the mails got to thewrong people- so now we are offering them for the highest bidderhttp://www.secuobs.com/revue/news/106831.shtmlhttp://www.secuobs.com/revue/news/106831.shtml 2009-06-07 19:15:26 - SecGuru : Prepare for the CEH certification exam with this official review guideand learn how to identify security risks to networks and computersThis easy-to-use guide is organized by exam objectives for quickreview so you’ll be able to get the serious preparation you need forthe challenging Certified Ethical Hacker certification exam 312-50 Asthe only review guide officially endorsed by EC-Council, this concisebook covers all of the exam objectives and includes a CD with a hostof additional study toolsIMAGEIMAGEIMAGE IMAGE IMAGE IMAGE IMAGEIMAGEhttp://www.secuobs.com/revue/news/106704.shtmlhttp://www.secuobs.com/revue/news/106704.shtml 2009-06-07 17:07:10 - SecDocs Feed : http://www.secuobs.com/revue/news/106688.shtmlhttp://www.secuobs.com/revue/news/106688.shtml 2009-06-07 17:07:10 - SecDocs Feed : http://www.secuobs.com/revue/news/106687.shtmlhttp://www.secuobs.com/revue/news/106687.shtml 2009-06-07 13:14:03 - Computer Security News : On August 10, 2007, a new section of the German Penal code went intoeffect The statute, intended to implement certain provisions of theCouncil of Europe Treaty on Cybercrime, could be interpreted to makethe creation or distribution of computer security software a criminaloffensehttp://www.secuobs.com/revue/news/106670.shtmlhttp://www.secuobs.com/revue/news/106670.shtml 2009-06-06 12:54:26 - Rootsecure.net : Security Focus: Hacker-Tool Law Still Does Little "In the wake of thestatute, numerous computer security companies announced theirrelocation out of Germany"http://www.secuobs.com/revue/news/106513.shtmlhttp://www.secuobs.com/revue/news/106513.shtml 2009-06-06 06:45:28 - Cheer10s Underground Syndicate : By Elinor MillsSource: http://newscnetcom/8301-1009_3-10258634-83htmlJeff Moss, AKA Dark TangentJeff Moss, founder of the Black Hat and Defcon hacker and securityconferences, was among 16 people sworn in on Friday to the HomelandSecurity Advisory CouncilThe HSAC members will provide recommendations and advice directly toSecretary of Homeland Security Janet NapolitanoMoss' background as a computer hacker aka "Dark Tangent" and role asa luminary among young hackers who flock to Defcon in Las Vegas everysummer might seem to make him an odd choice to swear allegiance to thegovernment Although before running his computer conferences, Mossalso worked in the information system security division at Ernst etYoungI'd like to hear some of the banter as he rubs elbows with the likesof former CIA Bill Webster and FBI directors Louis Freeh, LosAngeles County sheriff, Miami mayor, New York police commissioner,governors of Maryland and Georgia, former Colorado Sen Gary Hart, andthe president of the Navajo NationIn an interview late on Friday, Moss, who is 39, said he was surprisedwhen he got the call and was asked to join the group"I know there is a newfound emphasis on cybersecurity and they'relooking to diversify the members and to have alternative viewpoints,"he said "I think they needed a skeptical outsider's view because thathas been missing"Asked if there was anything in particular he would advocate, Mosssaid: "There will be more cyber announcements in coming weeks and oncethat happens my role will become more clear This meeting was focusedon Southwest border protection With things like Fastpass and SafeFlight, everything they are doing has some kind of technologycomponent"Moss, who is genuinely humble, said he was "fantastically honored andexcited to contribute" to the HSAC and not concerned with losing anystreet cred among what some would call his fan base He did concedethat his new position would give him an unfair advantage in Defcon's"Spot The Fed" contest in which people win prizes for successfullyouting undercover government agentsSecurity consultant Kevin Mitnick, who spent five years in prison oncomputer-related charges and was on the FBI's most wanted list,praised Moss' diplomacy, but said: "I'm surprised to see Jeff on thelist I would have expected crypto/security guru and author BruceSchneier to be on the council"Moss "is a great crowd pleaser" and "he's just bad enough for them tosay 'we're crossing the ranks,'" said journalist and threat analystAdrian Lamo, who served two years of probation for breaking intocomputer networks "But the reality is he's as corporate as hiringsomeone out of Microsoft"http://www.secuobs.com/revue/news/106487.shtmlhttp://www.secuobs.com/revue/news/106487.shtml 2009-06-06 06:45:28 - Cheer10s Underground Syndicate : By Ryan TateSource:http://gawkercom/5280913/hacker-buys-anti+apple-ad-under-apple-storeIn 2006, a hacker named DVD Jon cracked the encryption on Apple'smusic store files Today he's pulled off a more tangible hack: Buyinga billboard practically inside Apple's San Francisco store toadvertise his "cure for iPhone envy"http://www.secuobs.com/revue/news/106486.shtmlhttp://www.secuobs.com/revue/news/106486.shtml 2009-06-06 04:10:33 - Hack In The Box : On August 10, 2007, a new section of the German Penal code went intoeffect The statute, intended to implement certain provisions of theCouncil of Europe Treaty on Cybercrime, could be interpreted to makethe creation or distribution of computer security software a criminaloffense In the wake of the statute, numerous computer securitycompanies announced their relocation out of Germany However, to datethere have been no prosecutions under this provision, and only a smallamount of reported litigation So far, the statute that scared thebejeezus out of the legitimate security community has not deterred ordiminished the spread of hacker tools in Germany or anywhere else andhas created legal uncertainty about potential liability The Germanlaw came out of the February 24, 2005 Council of Europe's Conventionon Cybercrime pdf This convention compelled signatories to adoptimplement legislation that, among other things, defined cybercrime,provided procedures for collecting evidence, and create a frameworkfor international cooperation on cybercrime investigationshttp://www.secuobs.com/revue/news/106460.shtmlhttp://www.secuobs.com/revue/news/106460.shtml 2009-06-06 01:18:41 - SecurityFocus News : Hacker-Tool Law Still Does Littlehttp://www.secuobs.com/revue/news/106442.shtmlhttp://www.secuobs.com/revue/news/106442.shtml 2009-06-06 00:52:57 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/106429.shtmlhttp://www.secuobs.com/revue/news/106429.shtml 2009-06-05 21:01:32 - Rootsecure.net : PC World: Hackers Claim $10,000 Prize for Breaking Into StrongWebmailhttp://www.secuobs.com/revue/news/106363.shtmlhttp://www.secuobs.com/revue/news/106363.shtml 2009-06-05 18:14:34 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/106280.shtmlhttp://www.secuobs.com/revue/news/106280.shtml 2009-06-05 06:43:39 - Computer Security News : Business users of Research In Motion's BlackBerry have been warnedabout a potential security problem that could leave them open toattacks by hackers, a vulnerability that smartphones will increasinglyface, antivirus experts sayhttp://www.secuobs.com/revue/news/106114.shtmlhttp://www.secuobs.com/revue/news/106114.shtml 2009-06-05 06:22:49 - DarkReading All Stories : Police in China arrest four after feud between underground gamingservices leads to nationwide Internet outagehttp://www.secuobs.com/revue/news/106110.shtmlhttp://www.secuobs.com/revue/news/106110.shtml 2009-06-05 00:22:20 - Securosis Blog : You ever watch a movie or TV show where you know you know the ending,but you keep viewing in suspense to find out how it actually happensThat's how I felt when I read this:Break Into My Email Account and Win $10,000 StrongWebmailcom isoffering $10,000 to the first person that breaks into our CEO'semail accountand to make things easier, we're giving you hisusername and passwordNo surprise, it only took a few days for this story to break:On Thursday, a group of security researchers claimed to have wonthe contest, which challenged hackers to break into the Web mailaccount of StrongWebmail CEO Darren Berkovitz and report backdetails from his June 26 calendar entryThe hackers, led by Secure Science Chief Scientist Lance James andsecurity researchers Aviv Raff and Mike Bailey, provided detailsfrom Berkovitz's calendar to IDG News Service In an interview,Berkovitz confirmed those details were from his accountReading deeper, they say it was a cross site scripting attackHowever, Berkovitz could not confirm that the hackers had actuallywon the prize He said he would need to check to confirm that thehackers had abided by the contest rules, adding, "if someone didit, we'll kind of put our heads down," he saidSilly rules- this is good enough for meimageThanks to @jeremiahg for the pointer- Rich 0 Commentshttp://www.secuobs.com/revue/news/106011.shtmlhttp://www.secuobs.com/revue/news/106011.shtml 2009-06-05 00:03:50 - News : Voice-based authentication software company Telesign last weekchallenged hackers to break into the Web mail account of StrongWebmailCEO Darren Berkovitz and report back details from his June 26 calendarentry Now, a group of security researchers claims to have done justthatread moreIMAGEhttp://www.secuobs.com/revue/news/105997.shtmlhttp://www.secuobs.com/revue/news/105997.shtml 2009-06-04 19:38:57 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/105890.shtmlhttp://www.secuobs.com/revue/news/105890.shtml 2009-06-03 23:10:08 - Reverse Engineering : submitted by rolfrlink 0 commentshttp://www.secuobs.com/revue/news/105577.shtmlhttp://www.secuobs.com/revue/news/105577.shtml 2009-06-03 22:12:43 - BadwareBusters.org Most recent topics : I have a blackberry curve that is being remotly cntrolled by thirdparty apps How can I download my certfor my security Laurelhttp://www.secuobs.com/revue/news/105524.shtmlhttp://www.secuobs.com/revue/news/105524.shtml 2009-06-03 03:44:18 - Hack In The Box : The year is 1999 the close of the 20th century Major news media hypewhat turns out to be an inert Y2K threat Microsoft is usingmonopolistic practices, while amazoncom and Netscape help inflate thedot-com bubble Internet stocks launch into the stratosphere But asdynamic as 1999 was, it was comparatively the age to innocence when itcomes to internet security Online shopping and online banking were inan embryonic stage Hacking was dominated by computer geeks, youngmales, seeking bragging rights trying to cheat at video games or stealmusic In cyberspace ethics became flexible and reality altered Theintroverted teen who would never dare shoplift a CD from a music storeor cheat playing a board game with “flesh and blood” acquaintancesmight think nothing of pirating a first-run movie or finding ashortcut to beat a popular online game As the new millennium begannew ways to achieve geek immortality advanced beyond piracy andcheating to creating malicious software, or malwarehttp://www.secuobs.com/revue/news/105190.shtmlhttp://www.secuobs.com/revue/news/105190.shtml 2009-06-03 00:14:18 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/105130.shtmlhttp://www.secuobs.com/revue/news/105130.shtml 2009-06-02 17:02:51 - MX Logic Security News : Apple released patches Monday for 10 security holes in QuickTime 762for Windows 7 and Mac OS X and one patch for a flaw in iTunes 82 Oneof the flaws was previously disclosed in a hacker's manual publishedin MarchAll of the critical vulnerabilities were described as allowing"arbitrary code execution," which if exploited could result in ahacker taking control of an infected PC or Mac Apple does not rankits fixes by severity of vulnerability as do other software companiesSecurity experts said the QuickTime vulnerabilities were primarilyfile format processing bugs, but included one flaw that was identifiedin a book released in March called The Mac Hacker's Handbook, writtenby IT security pros Charlie Miller and Dino TaiMiller said he put instructions in the book that would allow a readerto find the bug, although he did not show proof of concept, accordingto PC World"If you followed all the steps in the book you would find thebug," Miller told PC World yesterday "I didn't show the bug, but Igave the recipe for how to find it"The bug involves a flaw in the way QuickTime reads files that arecompressed using the JPEG 2000 JP2 standardMiller, who won a hacking contest at the Pwn2Own conference sponsoredby Apple, gave the exploit code for the JP2 flaw to Apple's securityteam after he announced that it was partially revealed in his book,according to PC WorldADNFCR-1765-ID-19198406-ADNFCRhttp://www.secuobs.com/revue/news/104961.shtmlhttp://www.secuobs.com/revue/news/104961.shtml 2009-06-02 13:24:51 - Security Park : The US District Court in Minneapolis has sentenced a 23-year-old Romanianimmigrant to 85 years in jail for stealing a total of approximately$700,000 from over 7,000 innocent people Sergiu Daniel Popa spammedout emails pretending to come from financial institutions such asSunTrust, Citibank and PayPal, trying to lure victims into visitingbogus webpages From these phishing websites, Popa morehttp://www.secuobs.com/revue/news/104761.shtmlhttp://www.secuobs.com/revue/news/104761.shtml 2009-06-02 13:18:31 - ISN InfoSec News Mailing List : InfoSec News: Hackers Compromise 40,000 Web Sites:http://wwweweekeuropecouk/news/hackers-compromise-40-000-web-sites-1029By Brian Prince eWEEK Europe 622009Security researchers at Websense say the tactics are reminiscent ofthe notorious RBN groupResearchers at Websense are reporting a mass compromise that may havehttp://www.secuobs.com/revue/news/104748.shtmlhttp://www.secuobs.com/revue/news/104748.shtml 2009-06-02 05:55:30 - Cheer10s Underground Syndicate : Source: http://wwwpresstvir/detailaspxid=96621etsectionid=3510203IMAGEMilitary companies in the US are considering plans to employ cybersoldiers as the Pentagon moves to establish a cybercommand to managefuture cyberwarsThe concept of preparing fighting cyberattacks is set to overhaul theidea of war in the US with computer talents gradually joining oldsoldiersMilitary giants including Northrop Grumman, General Dynamics, LockheedMartin and Raytheon are now busy with recruiting "hacker soldiers" toaddress the new demand for an unconventional cyberwar and in a way toblend the new capabilities into the nation's war planningThe computer nerds who were used to working in the Silicon Valley, noware recruited by the US military companies to prepare the country fora potential cyberwarhttp://www.secuobs.com/revue/news/104674.shtmlhttp://www.secuobs.com/revue/news/104674.shtml 2009-06-02 05:21:22 - Security Bloggers Network : Old-school0403jpgSQL Injection - The "Old School" of Web applicationattacks is still alive and well As reported in Information week:A known computer hacking clan with anti-American leanings hassuccessfully broken into at least two sensitive Web serversmaintained by the US Army, InformationWeek has learnedexclusivelyInvestigators believe the hackers used a technique called SQLinjection to exploit a security vulnerability in Microsoft's SQLServer database to gain entry to the Web serversWith all the talk about CSRF, Clickjacking and others, it just goes toshow that you can't ignore the basicsHere at Imperva we've beenaddressing these issues at the database and Web application layer foryears with the Imperva SecureSphere Web Application Firewall WAF,Database Firewall, and Database Activity Monitoring DAM solutionsIn addition to the Imperva SecureSphere products, Imperva has createdan extensive glossary detailing a number of attacks such as SQLInjection: ADC Glossary Also, Imperva has published to YouTube anumber of educational video demonstrations illustrating exactly howthese attacks work from an attacker's perspective so thatorganizations might better understand and protect themselves* SQL Injection Basics 1* SQL Injection Basics 2* SQL Injection Basics 3* Blindfolded SQL Injection* SQL Injection Signature EvasionAnd man more educational videos on the Imperva YouTube Channelhttp://www.secuobs.com/revue/news/104648.shtmlhttp://www.secuobs.com/revue/news/104648.shtml 2009-06-02 02:26:23 - Latest articles from SC Magazine US : A group of computer hackers based in Turkey breached the sites of twoUS Army facilities, leveraging SQL injection attacksIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/104604.shtmlhttp://www.secuobs.com/revue/news/104604.shtml 2009-06-01 22:15:56 - Rootsecure.net : Darknet: Hackers Exploiting Unpatched DirectX Bug With Quicktimehttp://www.secuobs.com/revue/news/104553.shtmlhttp://www.secuobs.com/revue/news/104553.shtml 2009-06-01 21:40:26 - News : The latest attack to hit Twitter is a "security nightmare" and marksthe first time hackers have taken to using the micro-blogging site forprofit, a researcher said todayread moreIMAGEhttp://www.secuobs.com/revue/news/104530.shtmlhttp://www.secuobs.com/revue/news/104530.shtml 2009-06-01 16:56:39 - Information Security Resources : Excerpts From CNet Hackers based in Turkey penetrated two US Army Webservers and redirected traffic from those Web sites to other pages,including one with anti-American and anti-Israeli messages, accordingto a report in InformationWeekhttp://www.secuobs.com/revue/news/104429.shtmlhttp://www.secuobs.com/revue/news/104429.shtml 2009-06-01 14:33:59 - Darknet The Darkside : http://www.secuobs.com/revue/news/104386.shtmlhttp://www.secuobs.com/revue/news/104386.shtml 2009-06-01 10:03:31 - Security Bloggers Network : I’m late to the party with this article Apparently, there are hackersthat are ill disposed to the US Who knew From Information Week: Thehackers, who collectively go by the name “m0sted” and are based inTurkey, penetrated servers at the Army’s McAlester Ammunition Plant inMcAlester, Okla, and at the US Army Corps of Engineers’ http://www.secuobs.com/revue/news/104341.shtmlhttp://www.secuobs.com/revue/news/104341.shtml 2009-05-31 19:50:54 - Kellep Charles Information Security Blog Space : David Kernell, accused of stealing Alaska Gov Sarah Palin's password andposting her e-mail during the presidential campaign, faces new federalcharges The added counts came after records were deleted fromKernell's laptop The University of Tennessee student has pleaded notguilty in the Palin case and faces up to 20 years in jailSource: NewsFactorcomIMAGEhttp://www.secuobs.com/revue/news/104100.shtmlhttp://www.secuobs.com/revue/news/104100.shtml 2009-05-31 19:50:54 - Kellep Charles Information Security Blog Space : BBC's technology program "Click" purchased a botnet recently as part ofan experiment meant to show how botnets can do damage But by puttingmoney in the hands of hackers, did BBC's program do more harm thangoodSources:http://wwweweekcom/c/a/Security/BBC-Program-Purchases-Botnet-Touches-off-Ethical-Debate-859181/http://wwwinformationweekcom/blog/main/archives/2009/03/bbc_botnet_expehtmlIMAGEhttp://www.secuobs.com/revue/news/104093.shtmlhttp://www.secuobs.com/revue/news/104093.shtml 2009-05-30 23:59:33 - Cheer10s Underground Syndicate : By Garren ShipleySource:http://wwwnvdailycom/news/2009/05/hacker-struck-winchester-army-corps-of-ehtmlWINCHESTER -- A computer hacker who compromised a United Nations Website in 2007 also defaced a US Army Corps of Engineers server basedin Winchester that yearFirst reported by a computer information magazine on Friday, a hackerknown by the handle "m0sted" -- a 24-year-old man from Turkey,according to his YouTube page -- compromised a Web page hosted on Armyservers in WinchesterM0sted's attack simply changed the contents of the page, forcing it toredirect browsers to the hacker's own page, which at the timecontained anti-American and anti-Israeli statementshttp://www.secuobs.com/revue/news/103651.shtmlhttp://www.secuobs.com/revue/news/103651.shtml 2009-05-30 23:50:44 - Security for the Masses : The rush to secure cyberspace is causing military contractors to ramp uptheir cyberwarfare divisions, The New York Times is reportingNorthrop Grumman, General Dynamics, Lockheed Martin and Raytheon areall heavily recruiting to find people to staff their cyberwardivisions It is beginning to look like a gold rush for firms in theinfo security space A quote that was kind of a duh:“It takes a nonconformist to excel at what we do,” said Mr Gillette,a tanned surfing aficionado who looks like a 1950s hipster in hisT-shirts with rolled-up sleevesThe company, which would allow interviews with other employees only onthe condition that their last names not be used because of securityconcerns, hired one of its top young workers, Dustin, after he won twomajor hacking contests and dropped out of college “I always approachit like a game, and it’s been fun,” said Dustin, now 22"Sounds like a hacker to meRead more hereIMAGEhttp://www.secuobs.com/revue/news/103649.shtmlhttp://www.secuobs.com/revue/news/103649.shtml 2009-05-30 23:32:37 - Security Bloggers Network : IIS 6 sites with the WebDAV extension enabled may be vulnerable toauthentication bypass because of a bug in the way that the extensionhandles Unicode charactersCutting the URI path with random Unicode characters allows hackers tobypass the access control list Depending on the permissions of theWeb server files, a hacker would be able to retrieve user names andpasswords, upload, overwrite and delete files, or run malicious codeUse the WebTuff utility to check your system vulnerability:1 Try to retrieve the file at the given URI using a simple WebDAV GETcommand2 Try to retrieve the file at the given URI using a simple WebDAV GETcommand, cutting the URI with these Hex | Unicode characters: %c0 and%af3 Save the retrieved file locally and / or report server responseDownload WebTuff Tool:webTuff link zip file containing win32 binary + Python source codeWebTuff-MD5 MD5 hash of WebTuff binaryhttp://wwwapplicurecom/News/WebDAV_ExploitIMAGE IMAGE IMAGE IMAGE IMAGE IMAGEhttp://www.secuobs.com/revue/news/103620.shtmlhttp://www.secuobs.com/revue/news/103620.shtml 2009-05-30 18:59:55 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/103598.shtmlhttp://www.secuobs.com/revue/news/103598.shtml 2009-05-30 05:53:13 - Hack In The Box : AN Australian activist whose internet site is under federal policeinvestigation for publishing the Rudd Government's secret blacklist ofbanned websites has warned police that their investigation could beillegal and leave them open to prosecution Julian Assange, founder ofWikileaks, says the site is monitoring federal police investigationsto determine whether they are in breach of European laws protectingwhistleblowers who upload confidential documents "Belgium and Sweden,where we base our telecommunications and publishing efforts, havecriminal penalties for those seeking to break source-journalistconfidentiality," he said yesterday Mr Assange said there might begrounds for prosecution if police examined telecommunications toeither country or asked for assistance from their governmentshttp://www.secuobs.com/revue/news/103453.shtmlhttp://www.secuobs.com/revue/news/103453.shtml 2009-05-30 05:53:13 - Hack In The Box : Embarrassing pictures of Sue Brearley, were accidentally loaded onto acomputer at Whitecross School, in Lydney, Glos, it was reportedPupils allegedly discovered the private images and passed them aroundthe school IT system They are being treated as stolen and two teenageboys have been spoken to by police about the matter Mrs Brearley issaid to have told colleagues that the photographs were originallytaken on her mobile phone and loaded onto her laptop which was thenplugged into the school system Her fiancé David Gaston, the previoushead teacher, told the Daily Mirror: "We believe the photos werestolen They are private"http://www.secuobs.com/revue/news/103450.shtmlhttp://www.secuobs.com/revue/news/103450.shtml