|
Wed Feb 20, 2008
Hacker's firm doubleTwist enables copying of iTunes
A start-up co-founded by famed Norwegian hacker "DVD Jon" is on Tuesday introducing a service that enables users to copy and use copy-protected Apple iTunes songs on many popular non-Apple devices.
The San Francisco-based company, doubleTwist, is releasing a service that makes it easy for consumers to share both user-generated and professionally created audio, photos and video clips via computers, certain mobile phones or PSP game players.
[0] comments (138 views) | link
Wed Feb 13, 2008
AvSoft Technologies website hacked
n what must be quite an embarrassing episode, Indian anti-virus company AvSoft Technologies has had its website hacked. Rather than offering protection from viruses, the site started downloading a virus to users’ machines.
AvSoft is a little-known security company, offering two main products, SmartCOP and SmartDOG. It also offers a service for recovering data after a virus attack has occurred
[0] comments (155 views) | link
Wed Jan 16, 2008
Most home routers 'vulnerable to remote take-over'
The weakness could allow attackers to redirect victims to fraudulent destinations that masquerade as trusted sites belonging to banks, ecommerce companies or health care organizations. The exploit works even if a user has changed the default password of the router. And it works regardless the operating system or browser the computer connected to the device is running, as long as it has a recent version of Adobe Flash installed.
[0] comments (208 views) | link
$20,000 Bounty Placed on Windows Flaws, Exploits
A private company has placed a $20,000 bounty on exploitable vulnerabilities in Microsoft's Windows operating system, a move that significantly raises the value of software flaw research.
Billed as a Hacker Challenge, the $20,000 "special prize" is being offered by Digital Armaments, one of several companies that pay hackers who agree to give them exclusive rights to advance notification of unpublished vulnerabilities or exploit code.
[0] comments (191 views) | link
Wed Jan 09, 2008
Open Source: 1 security exposure for every 1,000 lines of code
Open source code, much like its commercial counterpart, tends to contain one security exposure for every 1,000 lines of code, according to a program launched by the Department of Homeland Security to review and tighten up open source code's security.
Popular open source projects, such as Samba, the PHP, Perl, and Tcl dynamic languages used to bind together elements of Web sites, and Amanda, the popular open source backup and recovery software running on half a million servers, were all found to have dozens or hundreds of security exposures.
A total of 7,826 open source project defects have been fixed through the Homeland Security review, or one every two hours since it was launched in 2006, according to David Maxwell, open source strategist for Coverity, maker of the source code checking system, the Prevent Software Quality System, that's being used in the review.
[0] comments (194 views) | link
Mon Jan 07, 2008
The first spyware spreading with Facebook application
The first spyware spreading with Facebook application has been discovered. Security company Fortinet reports that application called Secret Crush is installing Zango (aka AdWare.Win32.180Solution) with Iframe, technically from ZangoCash.com.
In opening the request, the recipient is informed that one of his/her friends has invited him/her to find out more information by using “Secret Crush” (this happens frequently with Facebook’s Platform Application). [Figure 2] exhibits the social engineering speech employed by the malicious widget to get the user to install it.
[0] comments (229 views) | link
Wed Jan 02, 2008
Record data breaches in 2007
The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007, and the trend isn't expected to turn around anytime soon as hackers stay a step ahead of security and laptops disappear with sensitive information.
And while companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little too late.
[0] comments (230 views) | link
Mon Dec 24, 2007
Trojan hijacks Google text ads
A new Trojan that hijacks Google text ads and replaces them with ads from a different provider has been picked up by BitDefender.
The antivirus company has identified the threat as Trojan.Qhost.WU which modifies the infected computer's host file, a local storage for domain name/IP address mappings.
The infected machine's browser then reads advertisements from a server at the replacement address rather than from Google.
[0] comments (204 views) | link
Sun Dec 09, 2007
Hackers Launch Major Attack on US Military Labs
Hackers have succeeded in breaking into the computer systems of two of the U.S.' most important science labs, the Oak Ridge National Laboratory and Los Alamos National Laboratory.
In what a spokesperson for the Oak Ridge facility described as a "sophisticated cyber attack," it appears that intruders accessed a database of visitors to the Tennessee lab between 1990 and 2004, which included their social security numbers and dates of birth. Three thousand researchers reportedly visit the lab each year, a who's who of the science establishment in the U.S.
[0] comments (216 views) | link
Tue Nov 27, 2007
QuickTime streaming media exploit targets unpatched bug
Hackers have created a proof-of-concept exploit for an Apple QuickTime player streaming media vulnerability.
Release of the exploit on Sunday follows hot on the heels of the public disclosure of the as-yet-unpatched buffer overflow bug, which involves the QuickTime RTSP (Real Time Streaming Protocol) Response Header, on 23 November by Polish security researcher Krystian Kloskowski.
Symantec reports that the exploit might be applied to attack users of the latest version of stand-alone QuickTime players (version 7.3), tricked into opening malicious content on hacker-controlled websites. The same attack only crashes the browser of users of QuickTime browser plugins. Email-based attacks featuring attachments with hostile XML code that open a connection to malicious servers are also possible. This attack requires users to double-click on the malicious QuickTime multimedia attachment to run.
[0] comments (336 views) | link
| NEXT page |