features

post news


(SMS/Articles)

search files, exploits & links sections:

featured download

GFI LANguard – Scan for and remediate security vulnerabilities. Now in FREEWARE!
Download here

Recent News
MS forensics tool leaks onto the web
@ Nov 13 2009, 12:12 (UTC+0)
From: Amos-Trask :
   Microsoft's point-and-click "computer forensics for cops" tool has leaked onto the web.

COFEE (Computer Online Forensic Evidence Extractor) is designed to allow law enforcement officers to collect digital evidence from a suspect's PC without requiring any particular expertise. Using the technology - which recovers a list of processes running on an active computer at the scene of an investigation - involves inserting a specially adapted USB stick into a computer.
Continued...
Leaking crypto keys from mobile devices
@ Oct 22 2009, 12:01 (UTC+0)
From: data :
   Security researchers have discovered a way to steal cryptographic keys that
are used to encrypt communications and authenticate users on mobile devices
by measuring the amount of electricity consumed or the radio frequency
emissions.
Continued...
Spamwashers hijacked, a wake-up call for lazy sysadmins everywhere
@ Oct 05 2009, 16:31 (UTC+0)
From: PSY0NIC :
   A Third Time, Uncharmed

Spamwashers hijacked, a wake-up call for lazy sysadmins everywhere. The slow bruteforcers are back for another round.

A new round of slow, distributed bruteforce attacks is in progress. Just like the other times we know about (see references later), the initial target is root. This time around I see only one of my ssh-contactable machines targeted, and the dribble started on September 30th.
Continued...
Microsoft to release free anti-virus software today
@ Sep 29 2009, 20:48 (UTC+0)
From: Kirt :
   Security Essentials has been available in beta since June, but will go live for everyone on 29 September. The software will update its anti-virus signature daily to deal with new threats.
Continued...
TI vs. Calculator Hackers
@ Sep 25 2009, 22:35 (UTC+0)
From: data :
   "So a bunch of TI calculator programming enthusiasts got together to factor the keys Texas Instruments uses to sign the operating system binaries for the ti83+ (a z80 architecture) and the ti89/v200 (a 68k architecture) series of calculators. Now Texas Instruments is sending out DMCA notices to take them down."

Continued...
Discuss Here

Verizon, AT&T: Net neutrality not OK for wireless
@ Sep 22 2009, 06:15 (UTC+0)
From: spider-man :
   The wireless industry is gearing up to fight new Net neutrality rules that the Federal Communications Commission is formulating to keep the Internet open.

On Monday, FCC Chairman Julius Genachowski gave a speech at the Brookings Institute in Washington, D.C., outlining plans to turn the agency's principles for open Internet access into official regulation.

In addition to making sure that network operators cannot prevent users from accessing lawful Internet content, applications, and services of their choice, or attaching unharmful devices to the network, Genachowski wants to add two more rules.

Continued...


Linux webserver botnet pushes malware
@ Sep 14 2009, 11:02 (UTC+0)
From: Cygnum :
   A security researcher has discovered a cluster of infected Linux servers that have been corralled into a special ops botnet of sorts and used to distribute malware to unwitting people browsing the web.
Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they've also been hacked to run a second webserver known as nginx, which serves malware.

Continuted..
Bug exposes eight years of Linux kernel
@ Aug 14 2009, 15:56 (UTC+0)
From: Kirt :
   Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.
Continued...
Linux Credit Card
@ Jul 30 2009, 12:08 (UTC+0)
From: data :
   The Linux Foundation is pleased to offer a Linux-branded affinity credit card for those who want to support the Linux Foundation's activities while expressing their commitment to Linux. The Linux-branded credit card is an easy way for anyone to contribute to the growth of Linux and identify themselves as supporters of the community by carrying Tux in their pocket.
Continued...
NIST announces SHA-3 round 2 candidates
@ Jul 26 2009, 07:57 (UTC+0)
From: data :
   A report summarizing NIST's selection of these candidates will be
forthcoming. A year is allocated for the public review of these
algorithms, and the Second SHA-3 Candidate Conference is being planned
for August 23-24, 2010, after Crypto 2010.

Shortlisted for round 2:

BLAKE,Blue Midnight Wish,
CubeHash,ECHO,Fugue,
Grostl,Hamsi,JH,Keccak,Luffa,
Shabal,SHAvite-3,SIMD,Skein

Continued...
iPhone security cracked, smacked and broken
@ Jul 24 2009, 20:02 (UTC+0)
From: Kirt :
   A researcher has delved into the encryption used to protect content on the iPhone 3GS, only to claim it is "entirely useless" and that he had "[never] seen encryption implemented so poorly before".
Continued...
IEEE 802.11n Heads for a September Finish
@ Jul 23 2009, 18:48 (UTC+0)
From: looserpedro :
   The IEEE 802.11n standard is likely to be approved in September, making the high-speed wireless LAN technology official after about seven years of wrangling and refinement.
Continued...
Chinese firms behind 'Sexy Space' Trojan
@ Jul 22 2009, 20:35 (UTC+0)
From: Kirt :
   F-Secure has identified three China-based companies as the creators of the "Sexy Space" Trojan, which was identified last week to have passed through Symbian Foundation's digital-signing process.
Continued...
Linux flaw bypasses security
@ Jul 22 2009, 16:01 (UTC+0)
From: Kirt :
   A security researcher has released zero-day code for a flaw in the Linux kernel, saying that it bypasses security protections in the operating system.
Continued...
New Technology to Make Digital Data Self-Destruct
@ Jul 22 2009, 09:39 (UTC+0)
From: Cygnum :
   A group of computer scientists at the University of Washington has developed a way to make electronic messages “self destruct” after a certain period of time... the researchers said they had struck upon a unique approach that relies on “shattering” an encryption key that is held by neither party in an e-mail exchange but is widely scattered across a peer-to-peer file sharing system.

Continued...
Five Technologies Iran is Using to Censor the Web From IP blocking to DPI, a look at how the Iranian government is censoring dissent
@ Jul 21 2009, 09:14 (UTC+0)
From: looserpedro :
   
One month after a disputed presidential election sparked widespread unrest in Iran, the country's government has initiated a cyber-crackdown that is challenging hackers across the globe to find new ways to help keep Iranian dissidents connected to the Web.

Continued...
Could You Be Hacked Like Twitter?
@ Jul 21 2009, 09:04 (UTC+0)
From: looserpedro :
   The French hacker who broke into Twitter's Google Apps and stole more than 300 private company documents has revealed in detail how he did it. Using a method known as "cracking," the man who goes by the name Hacker Croll was able to break down Twitter security by trolling the Web for publicly available information, according to TechCrunch. Eventually, Croll found one weakness many of us are guilty of -- using one password for everything -- and Twitter's security was compromised. Read on to see how Hacker Croll did it, and consider whether access to your digital life could be breached by his methods.
Continued...

Editor note: What is interesting is it works!
How to use electrical outlets and cheap lasers to steal data
@ Jul 16 2009, 15:34 (UTC+0)
From: human :
   If attackers intent on data theft can tap into an electrical socket near a computer or if they can draw a bead on the machine with a laser, they can steal whatever is being typed into it.

How to execute these attacks will be demonstrated at the Black Hat USA 2009 security conference in Las Vegas later this month by Andrea Barisani and Daniele Bianco, a pair of researchers for network security consultancy Inverse Path.
Continued...
Ever Better Cryptanalytic Results Against SHA-1
@ Jul 15 2009, 16:49 (UTC+0)
From: data :
   The SHA family (which, I suppose, should really be called the MD4 family) of cryptographic hash functions has been under attack for a long time. In 2005, we saw the first cryptanalysis of SHA-1 that was faster than brute force: collisions in 2^69 hash operations, later improved to 2^63 operations. A great result, but not devastating. But remember the great truism of cryptanalysis: attacks always get better, they never get worse. Last week, devastating got a whole lot closer. A new attack can, at least in theory, find collisions in 2^52 hash operations -- well within the realm of computational possibility. Assuming the cryptanalysis is correct, we should expect to see an actual SHA-1 collision within the year.

Note that this is a collision attack, not a pre-image attack. Most uses of hash functions don't care about collision attacks. But if yours does, switch to SHA-2 immediately.

This is why NIST is administering a SHA-3 competition for a new hash standard. And whatever algorithm is chosen, it will look nothing like anything in the SHA family (which is why I think it should be called the Advanced Hash Standard, or AHS).

A copy of this essay, with all embedded links, is
Here...

Source: Bruce Schneier Blog
Acceptable DRM? PRISM thinks so
@ Jul 10 2009, 21:01 (UTC+0)
From: Iolaus :
   Apparently so, and in the world of computer games no less. Yes I know this confounds previous media coverage, or user experience, with games DRM (e.g. think Spore), but there is strong indication that one company may have come up with something close to acceptable DRM for gamers.

Continued...

Articles -> Networking

Top of page
featured article
List puzzle
Your friendly 3 letter organization is in the neighborhood hiring mathematicians and computer scientists. One of their interview questions reads as follows:. Let H be the pointer given to the head
read here

poll
Which profesional degree do you think will meet your needs best?

 Bachelor Degree
 Master's Degree
 PhD.
 Post Doctoral
 Degree's are just shiny feel good papers. I don't need 'em.
 Others-I am discussing this in the off-topic forums
total votes: 5
read comments (0)
write comment

Poll archive
linking & backends
Information about how to link to NewOrder.

New Order news rss feed, a sms rss feed or a complete list.