New Spam Attack Exploits Edunet Servers

May 5, 2008 – 3:04 PM

Researchers have discovered a new, complex spam attack that uses a sophisticated ruse to fool users into downloading malware.

The exploit, which researchers at BitDefender call “a spam-sending scheme of Byzantine complexity,” features spam messages that claim to contain links to videos. When users try to click and see the video, they are instead prompted to download a “media player.”

The download is in fact Backdoor.Edunet.A, a piece of malware that uses victims’ computers as a channel for sending commands to a series of mail servers. The mail servers, which are used to spread spam, are mostly in the .edu and .mil domains, BitDefender says.

The list of servers is retrieved by the Trojan from a series of Web servers that are either compromised themselves or part of the attackers’ own network. The list of Web servers is continuously changing, but that of the targets has, so far, remained constant, the researchers say.

The Trojan sends the commands in the hopes of finding an open relay — a misconfigured mail server that allows anyone to send messages — which makes it appear that any mail originating from the Trojan has actually been sent from the open relay.

BitDefender researchers have determined that, at least currently, none of the servers in the current target list are actually vulnerable.

“It’s not every day that you stumble on the workings of an honest-to-God hacking ring, let alone one that has a predilection for using military and university-run mail servers as spam relays,” declared Sorin Dudea, BitDefender’s head of antivirus research. “It would be interesting to identify what, if anything, the institutions that own the targeted servers have in common.”

Source: Dark Reading

Posted in Internet, Privacy, Security | No Comments

House of Hackers

May 5, 2008 – 8:53 AM

House of Hackers is an exclusive, hacker community network. The House of Hackers community is established to support the hacker culture, mindset, way of life, ideologies, political views, vision, etc.

Members of the community are able to exchange ideas with each other, communicate, form groups, elite circles and tiger/red teams, conglomerate around projects and participate in the independent, hacker recruitment market. The market is designed to provide opportunities to the House of Hackers members in a free, open and fair manner.

Hacker Recruitment Market

The hacker recruitment market is designed to provide business opportunities to gifted members of our community.

Organizations, which are looking to hire independent Information Security consultants or Tiger/Ted teams, can post a description of the job and the desired qualifications which are expected from the participants. Various groups and members can contact the publisher directly and arrange any further details between themselves.

The market is open because the better you are in what you do the more work you will be able to get and the higher profile you will eventually build. This approach allows gifted security consultants to escape from their boring everyday routine and start a new life full of excitement and new opportunities. It is needless to say that these types of services are better payed as you will be able to cut the middle man and take all the profit for yourself.

The market is open and it is only supervised by the House of Hackers board members. Fees will be accepted for each posting which will be feeded back to the community through the various funding and research programs we are planning to initiate very soon.

As you’ve probably notice, this program is at a very early stage. We will ask you to join the House of Hackers network and also spread the word by linking to this site, talking about it in blog posts showing network badges, etc. The sooner we build the community and aggregate companies to support the idea the better for you and all other members. If you want to break free of the monotony, this is your only chance. Whatever we build here it will work for you.

If you are an organization seeking to explore opportunities with the House of Hackers network, please contact us now. We can assure you that members of this network will provide far much better service then any other information security company out in the market today.

Source: GNUCITIZEN

Posted in General BS, Privacy, Security | No Comments

Cross-Site-Scripting with Morse code

May 5, 2008 – 7:58 AM

Nowadays, who understands Di-Di-Di-Da-Da-Da-Di-Di-Dit (S.O.S., Save Our Souls)? Few people do, but your web browser just might. In his blog, security expert Nathan McFeters has reported the discovery of a cross-site scripting (XSS) vulnerability on an Italian website that allows attackers to inject malicious JavaScript encoded in Morse code in your address bar.

The website in question takes user input as Morse code and translates it into plain text using PHP script. Unfortunately, the programmers forgot to check the script’s input and output, allowing JavaScript to be included and executed on the website that displays the results of the translated Morse code.

This vulnerability demonstrates that developers of apparently harmless Web applications, that were never intended to be used as serious tools, have to be just as careful as programmers of local applications when it comes to checks of user input. In this case, simply checking the input with the PHP function html-entities() would have converted the output of the script into harmless encoded HTML. For further tips on how to secure your own web applications, see heise Security’s background article entitled Server peace – Individual security measures for PHP applications.

Read the rest of the story…

Posted in Coding, Internet, Privacy, Security | No Comments

High-Security Flash Storage

May 5, 2008 – 7:34 AM

If you think of flash memory, people typically think of USB memory sticks or memory cards for digital cameras and camcorders. But the potential applications for flash have expanded tremendously. The media started off as non-volatile memory for firmware on PCs and consumer electronics devices. It then became an ultra-portable storage technology that conquered the PC and consumer electronics sectors at their intersection in multiple formats, such as compact flash or SD. It has finally reached a state of development in which flash-based solid state disks (SSDs) can even outperform conventional hard drives (at the expense of capacity).

However, having access to your most important data wherever you go will be one of the key goals in coming years, and we see ultra-portable flash memory devices meeting this demand until the day when wireless networks such as GSM, 3G, WiMAX or WLAN become completely ubiquitous. But still, users will always likely want to have a storage device that can securely hold all of their key data, which they can take with them wherever they go.

While competition in the memory sector is fierce, some brands have managed to carve out a good reputation: G.skill, Mushkin, OCZ, Patriot and Supertalent are well known for their top-of-the-line enthusiast products. Other such as A-Data, Buffalo, Crucial, GeIL or Kingston offer outstanding products as well. Corsair, which was the first memory vendor to offer overclocking products back in the times of first-generation SDRAM, is considered the number-one player in this business and tries to transfer its reputation into other product areas.

Flash memory products seem to be suitable to expand member vendors’ product portfolios, as they’re based on technologies that are not only attractive to PC enthusiasts, but also to less-technical PC users. The Flash Voyager was Corsair’s first USB flash memory stick, which is available in capacities of 2 GB to 32 GB today. Flash Voyager GT is the high-performance product that is only available with a capacity of 16 GB, while delivering throughput beyond 20 MB/s. While most USB Flash memory vendors offer smaller and smaller products, some focus on offering robust and secure solutions. This is exactly what Corsair attempts to do with its Flash Survivor series, which combines robustness with data security features.

Read the rest of the story…

Posted in Hardware, Privacy, Security | No Comments

You Want 4 GB RAM on Your Notebook?

May 5, 2008 – 7:27 AM

The question of how much RAM you really need is discussed roughly once every two years, and with every launch of a new Windows version. While there are so-called sweet spots at any given time, factors such as the operating system and popular applications have an influence on the ideal amount of RAM as well. 512 MB RAM can be considered the minimum memory capacity to execute Windows XP or Windows Vista today. However, anything less than 1 GB will have a noticeable performance impact, as the operating system will swap data onto your hard drive—which brings down performance and battery runtime on notebooks. Given that, we looked at the opposite end of the equation: what would happen if you went for a comfortable 4 GB RAM capacity on your notebook?

While this question may appear exaggerated for most users, there is one important factor that should be brought into the equation: RAM prices have been falling continuously during the last 12 months. This mainly applies to desktop memory, but notebook DIMMs have also become extremely affordable.

Let’s look at some examples: a 2x 2-GB SO-DIMM kit (DDR2-667) can be found for less than 60 Euros in Europe or for less than $80 in the US. 2 GB notebook memory kits (1x 1 GB) start at only or $38. These prices don’t apply for the best-in-class products you can find, but for the best prices we found on brand products. If you relate the memory cost to the price of a decent laptop, you’ll realize that an investment of $40 or even $80 for 4 GB of RAM is more than reasonable, despite the fact that a 32-bit Windows operating system cannot utilize the entire amount.

Read the rest of the story…

Posted in Hardware | No Comments