Vuln Link : http://sr.scc-csc.gc.ca/search?client=SCC-CSC&site=Internet&output=xml_no_dtd&proxystylesheet=SCC-CSC&hl=en&oe=latin1&ie=latin1&q=%3E%22%3E%3CMARQUEE%3EHACKED+BY+ZERO+COOL%3C%2FMARQUEE%3E&btnG=Search
Found and submitted by : Zero Cool
Showing posts with label News. Show all posts
Wednesday, April 13, 2011
Self-wiping hard drives from Toshiba
Toshiba announces a family of self-encrypting hard disk drives (HDDs) engineered to automatically invalidate protected data when connected to an unknown host.

The new Toshiba Self-Encrypting Drive (SED) models enable OEMs to configure different data invalidation options that align with various end-user scenarios.
Designed to address the increasing need for IT departments to comply with privacy laws and regulations governing data security, the drives are ideally suited for PC, copier and multi-function printer, and point-of-sale systems used in government, financial, medical, or similar environments with an acute need to protect sensitive information.
IT data management concerns
LogLogic announced the findings to an IT Data Management survey carried out amongst 164 IT managers and directors.
The research aims to establish how IT data is being managed and utilised within UK organizations.
Key findings:
- Only 14 percent of survey respondents could say that they highly trusted the quality of their IT data and had no concerns. Staggering then that 81 percent said they used their IT data for compliance purposes.
- A huge 41 percent admitted that they couldn’t readily access all of their IT data and 48 percent added that it wasn’t in the right, useable format.
- 49 percent said that they couldn’t easily create reports. Confirming this, the research found that only 16.2 percent could create IT data reports in real time, 25 percent would take longer than five hours (and 13 percent of those estimating it taking longer than 24 hours).
- Of those who could create reports and insights from their IT data, only 26 percent said they were actionable.
- 43 percent don’t use their IT data to help manage service level agreements and 44 percent don’t use it for operational planning either.
- 36 percent of respondents estimate that less than 49 percent of the IT data that they need to report on and analyse is available to them and accessible for compliance, security or operational intelligence purposes.
He continued: “Our research found that only 19.8 percent of C-level directors are currently asked to review IT data. This drops to 13 percent when the same question is asked of their board directors. This will however change in due course as IT data warehousing and management becomes the crux of IT decision-making and CIOs and IT managers assess their ability to implement modern computing models in the enterprise.
Current IT infrastructures have grown into a chaos of applications, agents and devices that generate an increasing amount of IT data. This data provides a wealth of information on how systems are being used, how they are performing, where to drive efficiencies, and how to meet compliance mandates and increase security.
HD video security on the iPad
To help you keep tabs on your home or office anytime, anywhere, Logitech introduced the Logitech Alert app for iPad which makes it easy to access your Logitech Alert digital video security system.

The Logitech Alert app for iPad is one of the first iPad apps developed strictly for tablet-based HD digital video surveillance. The app lets you view 720p HD video coupled with rich sound quality that’s captured by the user’s Logitech Alert cameras — including the Logitech Alert 750i Master System, the weatherproof Logitech Alert 750e Outdoor Master System and any Logitech Alert Add-On Camera — giving you the ability to see and hear what’s going on at home or the office even when you’re miles away.
App employs facial recognition to prevent visual eavesdropping
Oculis Labs released PrivateEye Enterprise, a desktop security application that employs facial recognition and detection algorithms with a standard webcam to actively protect information displayed on computer screens.

PrivateEye Enterprise offers a way to secure information used by CEOs, CFOs, auditors, consultants, lawyers, doctors, investigators, HR personnel and other users seeking greater privacy.
IT Administrators can manage client policies from a standard Group Policy Management console and can tailor PrivateEye Enterprise policies for the entire domain, business units, or individual users. Importantly, this solution complies with Windows’ Server Group Policy allowing any Windows-based organization to add PrivateEye Enterprise seamlessly to its existing IT infrastructure.
McAfee enhances its Network Security Platform
McAfee announced enhancements to its Network Security Platform, which include:
Enhanced botnet control: File and network connection reputation feeds from cloud-based McAfee Global Threat Intelligence allow Network Security Platform to perform in-line botnet prevention based on over 60 million malware samples and the reputation of hundreds of millions of network connections based on over two billion IP reputation queries each month. This external intelligence provides vital context for faster, more accurate detection and prevention.
Traffic analysis port: Traffic redirect capabilities allow arbitrary network traffic to be subjected to additional inspection by McAfee and third party products, including data loss prevention, network forensics and advanced malware analysis tools.
Virtual network inspection: Enables the Network Security Platform sensors to examine inter-virtual machine traffic on virtual environments and provide attack detection for virtual data center environments. Network Security Platform can inspect traffic both within virtual environments and between virtual and physical environments, giving organizations the same level of visibility regardless of where the traffic flows.
As enterprises consolidate data centers, adopt cloud-services, and virtualize critical infrastructure they need a way to unify security management across physical and virtual infrastructures. In partnership with Reflex Systems – a leader in virtualization management solutions – McAfee brings its threat detection and security management to virtual environments.
Together, McAfee and Reflex Systems will offer integrated virtual and physical security and management that enables customers to holistically monitor and understand security issues, easily apply best practices, and provide comprehensive reporting for compliance purposes across the current and next-generation data center infrastructure.
Microsoft Office for Mac 2011 SP1 released
Microsoft Office for Mac 2011 Service Pack 1 (14.1.0) fixes critical issues and also helps to improve security.

It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code. For detailed information about this update, please visit the Microsoft Web site.
Applies to:
- Office 2011
- Office 2011 Home and Business Edition
- Word 2011
- Excel 2011
- PowerPoint 2011
- Outlook 2011
- Communicator 2011
- Office for Mac Standard 2011 Edition
- Microsoft Office for Mac Home & Student 2011
- Microsoft Office for Mac Academic 2011.
ESET NOD32 releases Antivirus for Linux 4 !
ESET announced the availability of ESET NOD32 Antivirus 4 Business Edition for Linux Desktop and ESET NOD32 Antivirus 4 for Linux.
ESET NOD32 Antivirus 4 for Linux offers protection against cross-platform and emerging threats, enhancing the security of Linux platforms. The scanning engine automatically detects and cleans malicious code, including threats designed for Windows and Mac based systems.
Malaysiakini – Malaysia’s Most Popular News Website Shuts Down after cyber attack !

It has been reported that Malaysia’s most popular news website, Malaysiakini (http://www.malaysiakini.com), has been hit by a cyber attack from 11 AM, shutting the website down. The attack created a stir because the website stopped working just before the Sarawak election, making it inaccessible to readers. The attack has been diagnosed as a denial-of-service attack, which is an attempt to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Denial-of-service attacks are considered violations of the IAB’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.
According to the technical team, the cyber attack has swamped the Malaysiakini servers to the point that they are unable to cope with the massive traffic. Both of the data centers, TM Brickfields and Jaring, have also been affected by the attack.
French Hacker Arrested After Bragging on TV !
The hacker appeared on the France 2 television programme “Complément d’enquête” (Further investigation) where he claimed to have hacked into computers belonging to the French Army and Thales Group, an IT contractor for the aerospace, defense and security industries.
After the programme aired, the company filed a complaint, claiming the hacker stole confidential information from its internal network.
The man, identified only as Carl, was arrested on April 7 in Paris. When inspecting his computer, police found the details of hundreds of credit cards and bank accounts.
The hacker admitted selling the information on underground websites, as well as using them to make fraudulent purchases for himself and others.
BackTrack 5 will also be for Motorola Xoom
As of now, offensive-security have got a modified version of an Ubuntu 10.04 ARM image, chrooted on a Motorola Xoom. The tablet is running a modified, overclockable kernel (from 1.0 to 1.5 GHz). The chrooted BackTrack environment is running a VNC server, from which you can connect from the tablet itself. When run locally from the Xoom tablet, the VNC session does not lag, and the touch keyboard and touchscreen are very workable.
As expected from a chrooted environment, offensive-security are not using any custom drivers (for now), and injection and other related wireless attacks are NOT possible. Here’s a few screenshots we managed to scrounge from our dev box:
offensive-security hope to release a dev version of this image in a couple of weeks for other Xoom owners to play with. We’ll keep you posted !
Sunday, April 10, 2011
Anonymous Plans Sony Boycott on April 16
Say you're a hacker trying to cripple a major electronics company for suing its own users: how do you launch a cyberattack without harming the people you're trying to protect?
In the case of hacktivist group 'Anonymous,' which has spent the week targeting Sony to retaliate against Sony's ongoing lawsuits against PlayStation 3 modifiers, you take it offline.
Anonymous is staging a 24-hour, in-store boycott at Sony stores around the world on Saturday, April 16. So far over 1,000 people have RSVP'd through Facebook.
Saturday, April 9, 2011
DerbyCon Security Conference 2011
We are happy to announce that Offensive Security will be sponsoring DerbyCon. DerbyCon is a new hacker conference located in Louisville, Kentucky. Our goal is to bring back an old style, community driven hacker con chock-full of amazing talks, live events and all around fun.
The idea for DerbyCon was created by Dave Kennedy (ReL1K), Martin Bos (PureHate), and Adrian Crenshaw (Irongeek). The goal came from a desire to see more of the old style talks and events of the cons of the past. We spoke to some in the community and our speaker list is already stacked with some of the industry’s leading minds and this is even before the call for papers has been issued. We are also happy to announce that DerbyCon’s call for papers is going live today, be sure to submit your talk if you have something cutting edge and high-speed. For information on how to submit go to http://www.DerbyCon.com/call-for-papers
In addition to some amazing talks there are a number of events scheduled including a very special appearance of Dual Core. Some of the events are Capture the flag, Network King of the Hill, Lockpick Village, Soldering Village, and Marathon “Hacker Movie” Theater to name just a few.
Finally, DerbyCon will be host to some specialized two-day training courses offered for only $825.00 for both days. DerbyCon will be at the Hyatt Regency in Louisville, Kentucky; tickets will go on sale at 8:00AM on Friday April 29, 2011 for $125.00 for that weekend and go up to $150.00 on the following Monday. In addition, BSIDES Kentucky will also run at the same time as the training, so regardless of whether you’re in training or want to go to talks, they’ve got you covered.
For more information on this up and coming conference, be sure to visit http://www.DerbyCon.com.
Indian Revolution : Let's know about Anna Hazare !
1. Who is Anna Hazare?
Started his career as a driver in the Army and turned into a social activist.
2. What's so special about him?
He built a village Ralegaon Siddhi in Ahamad Nagar district, Maharashtra
3. So what?
This village is a self-sustained model village. Energy is produced in the village itself from solar power, biofuel and wind mills.
In 1975, it used to be a poverty-stricken village. Now it is one of the richest villages in India. It has become a model for a self-sustained, eco-friendly & harmonious village.
4. Ok,...?
This guy, Anna Hazare was awarded Padma Bhushan and is a known figure for his social activities.
5. Really, what is he fighting for?
He is supporting a cause, the amendment of a law to curb corruption in India.
6. How that can be possible?
He is advocating for a Bill, the Lok Pal Bill (The Citizen Ombudsman Bill), that will form an autonomous authority which will make politicians (ministers) and bureaucrats (IAS/IPS) accountable for their deeds.
7. It's an entirely new thing, right..?
In 1972, the bill was proposed by then Law minister Mr. Shanti Bhushan. Since then it has been neglected by the politicians and some are trying to change the bill to suit their theft (corruption).
8. Oh.. He is going on a hunger strike for that whole thing of passing a Bill ! How can that be possible in such a short span of time?
The first thing he is asking for is: the government should come forward and announce that the bill is going to be passed.
Next, they make a joint committee to DRAFT the LOK PAL BILL. 50% government participation and 50% public participation. Because you can't trust the government entirely for making such a bill which does not suit them.
9. Fine, what will happen when this bill is passed?
A LokPal will be appointed at the centre. He will have an autonomous charge, say like the Election Commission of India. In each and every state, a Lokayukta will be appointed. The job is to bring all alleged parties to trial in cases of corruption within 1 year. Within 2 years, the guilty will be punished. Not like the Bofors scam or Bhopal Gas Tragedy case, which have been going on for the last 25 years without any result.
10. Is he alone? Who else is there in the fight with Anna Hazare?
Baba Ramdev, Ex. IPS Kiran Bedi, Social Activist Swami Agnivesh, RTI activist Arvind Kejriwal and many more. Prominent personalities like Aamir Khan are supporting his cause.
11. Ok, got it. What can I do?
At least we can spread the message. How?
Putting up status messages, links, videos, changing profile pics. Share this news link all over your Facebook/Twitter/email to all and on all Social Networking Sites !
At least we can support Anna Hazare and the cause for uprooting corruption from India.
At least we can hope that his Hunger Strike does not go in vain.
At least we can pray for his good health.
Friday, April 8, 2011
Progenic.com down with Social Engineering by Saken & Josh of TeamDX !
Method: Social Engineering via LiveChat + Phone + Support Ticket System
How: They had an SSN + DOB posted on their forum, Saken & Josh of TeamDX simply played the role of the person that the identity was stolen from, their domain registrar which was located in the United States then decided that enough was enough but to shut them off.
Remember: Saken & Josh of TeamDX may not be able to get into your server/website, but Saken & Josh of TeamDX sure know the backdoor, your un-secure registrars who are easily manipulated.
Saken & Josh of TeamDX could have gotten into your box, but Saken & Josh of TeamDX decided to lul about the domain going bye bye.
Google Fixing the little things !
Ever since I joined the Gmail team, my friends have been eager to tell me, "I love Gmail ! Except for this one thing..." And every day, Gmail users share their "one thing" that would make Gmail better for them through our suggestions page. While we enjoy creating new solutions to old problems with features like Priority Inbox, those little annoyances and missing pieces are important, too. Recently, we've rolled out several small tweaks to Gmail to show it a little extra love.
Here’s a rundown:
IE9 exploit puts Windows 7 SP1 at risk !
The exploit uses an unpatched zero-day vulnerability in Internet Explorer 9 and bypasses all the extra security measures of Windows 7. The latest version of Microsoft's operating system, fully up-to-date with service pack 1 (SP1), is vulnerable. The security hole was reported by the French security company Vupen, which previously discovered an IE8 vulnerability in December of last year.
Vupen classifies the exploit for IE9 as reliable, which means it's an effective way for cyber attackers to run malicious code of their choosing on Windows 7 PCs. The exploit manages to break through Windows' additional security layers, such as ASLR, DEP and the sandbox (Protected Mode) in IE9.