Linux Hacks & Cracks - Page 62
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
At the 27th Chaos Communication Congress (27C3) in Berlin, security researcher Julia Wolf of US company FireEye pointed out numerous, previously little-known security problems in connection with Adobe's PDF standard. For instance, a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer.
The typical end-of-year security story generally involves a looming cyber threat or yet another major misstep by Microsoft. Well, there's good news on the security front this year -- and, like our other picks, it's gone largely unnoticed. A major hole in security has been plugged with the full deployment of Domain Name System Security Extensions (DNSSEC) at the Internet's authoritative root zone.
At this week's Chaos Communication Conference, a group of hackers known as fail0verflow appeared to crack the PS3's randomized key cryptography and access the system's master code. The team demoed the alleged security flaw by creating a hack and installing Linux on the system.
Microsoft needs to start beefing up the security of its Windows Phone 7 App Marketplace. An ethical hacker provided WPCentral, a Windows Phone-centric site, with a video showing a proof-of-concept program that could grab any app from Marketplace and install it for free, sans any DRM security.
Federal investigators have seized servers allegedly abused to launch a denial of service attack against PayPal earlier this month. An affidavit obtained by the Smoking Gun contains testimony by federal agents convinced that systems at Texan hosting firm Tailor Made Services are likely to contain clues in the hunt for hacktivists who launched an attack against PayPal in response to its decision to freeze an account used by WikiLeaks.
Whatever assurances have been given about the security of GSM cellphone calls, forget about them now. Speaking at the Chaos Computer Club (CCC) Congress here Tuesday, a pair of researchers demonstrated a start-to-finish means of eavesdropping on encrypted GSM cellphone calls and text messages, using only four sub-$15 telephones as network
Regardless of what Sony might want you to think, piracy is not the only reason that people want to hack their PS3 to run software that isn
A database of 44,000 users' registration information from the Add-Ons server belonging to Mozilla was found to have been exposed for download. Mozilla says that it was informed by a security researcher, through Mozilla's Web Bounty Program, that the database was visible in mid-December.
Hackulous, the picaresque pirates best known for plundering Apple's DRM and capturing unprotected software for iPhone, iPod and iPad, yesterday unleashed an onslaught of updates, including cracking software for the much-anticipated Mac App Store and a "reverse BitTorrent" for jailbroken devices that aims to increase availability of cracked apps across the Web.
The security problems of 2010 are likely to continue and even escalate in 2011, with state-sponsored crime and data leaks from unhappy employees. State-sponsored crime has far more resources than ordinary hackers, and social networking is making the bad guys' job easier. But with virtualization established, more security software may appear.
Carders.cc, a German security forum that specializes in trading stolen credit cards and other purloined data, has been hacked by security vigilantes for the second time this year. Also waking up to
Internet-connected HDTVs from one major manufacturer -- which appears to be Panasonic -- have security holes that could allow an attacker to trick users into giving up credit card information or other private data, according to a report by Mocana, which sells embedded security software solutions.
A data breach affecting Twin America, the parent company of CitySights NY, potentially compromised an estimated 100,000 customers' personal details, including credit card numbers. According to a security breach notification letter sent to the New Hampshire attorney general, as required by that state's laws, attackers successfully exploited a Twin America Web server by using a SQL injection attack.
The development team behind ProFTPD has released version 1.3.3d, which closes a critical security hole in the SQL module of all previous versions. The flaw was reported roughly a month ago in Phrack, the hacker magazine. A buffer overflow in the function sql_prepare_where() allows attackers to remotely execute arbitrary code on the server.
Spamhaus, the largest anti-spam entity, has recovered from a DDoS attack initiated against it over the weekend. The attack is attributed to the hosters of a WikiLeaks mirror called WikiLeaks.info in response to the Spamhaus
Attackers are already exploiting a bug in the Exim mailer to remotely execute code on compromised Linux machines, according to a pair of Linux security advisories. Posted on US-CERT as Vulnerability Note VU #682457, the bug exists in Exim mail server software prior to version 4.70. Affected systems include Debian Linux, Novell's SUSE Linux, and Canonical's Ubuntu Linux.
Whew! Is it just me, or is it getting tough to keep track of all the info spilled via this week's massive Gawker hack? The please-don't-call-it-Gawkergate Gawker hacking story sprang up over the weekend, when a group known as "Gnosis" apparently made its way into the servers of Gawker Media. Gawker Media, if you aren't aware, is a publication group that runs gossip blog Gawker (no big surprise there) along with a slew of other websites like Lifehacker, Gizmodo, and Jezebel.
A former government contractor says that the U.S. Federal Bureau of Investigation installed a number of back doors into the encryption software used by the OpenBSD operating system. The allegations were made public Tuesday by Theo de Raadt, the lead developer in the OpenBSD project.
From a computer virus named for a stripper to swarming botnet attacks on the Pentagon and Microsoft, The Daily Beast lists the 10 most infamous hacks, worms, and DDoS takedowns in the last 25 years.
Officials from the Social Security Administration are assessing the damage done by an individual who is in custody in connection with the illegal computer download of the personal information of 15,000 New Yorkers who have filed disability claims.