The show masks a deep fear among the global elite that it really doesn’t know the direction in which the world economy is heading.
Security Revealed
When you save a document in your word processor, your work is encoded in a particular file format. You often have a choice of formats that you can use, with names like DOC, DOCX, RTF, WPD or ODT. Your choice of format will influence whether others can easily read your document today, whether you yourself will be able to read your document ten years from now, and whether you will be able to migrate painlessly to another word processor or operating system if and when you choose to do so.
The Lab’s YouTube Channel has been updated with a Conficker presentation given by Mikko & Patrik back in February.
You’ll find it here:
• Case Conficker — Part 1
• Case Conficker — Part 2
On 31/03/09 At 03:06 PM
Walgreen says the program is a kind of experiment.
The Linux Foundation welcomed its newest member today, the European-based free and open source standards consulting firm, credativ. This new partnership is a particularly exciting one, thanks to credativ’s presence in the United Kingdom, Germany and Canada, and its focus on creating and implementing standards. Naturally, credativ’s business — providing consulting and support services to businesses using free and open source software — means it will take an active role in the Linux Standard Base workgroup. Because credativ is one of Europe’s largest employers of Debian developers, the company also plans to participate in the Desktop Linux workgroup.
The Perfect Server – Fedora 10 [ISPConfig 3]
This tutorial shows how to prepare a Fedora 10 server for the
installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig
3 is a webhosting control panel that allows you to configure the
following services through a web browser: Apache web server, Postfix
mail server, MySQL, MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV,
and many more.
The following article presents a status report on the development of five of the most active notation software projects for Linux. Most of them are works in progress, but all are well along on their development track and in varying states of usability.
Egerstad and I had concluded at the time that someone had likely infected computers belonging to embassy workers and human rights groups and was using Tor to anonymously transmit data that was being stolen from the computers. He’d inadvertently scooped up the stolen data as it was transmitting from the infected computers to another location. Threat Level contacted a number of embassy and rights groups in China to notify them at the time that their computers were being spied on, but none of the groups responded. It seems clear now that Egerstad had tapped into data that was being stolen by GhostNet.
This communication provides additional information on the Fedora infrastructure intrusion first reported on August 14, 2008. In part this communication reiterates information provided in previous announcements.
[Includes a fairly detailed timeline of the incident.--gus3]
JBoss CTO Sacha Labourey is leaving Red Hat. Labourey had been at JBoss for the past eight years, nearly three of which were under Red Hat’s ownership. Labourey’s departure comes over two years after JBoss founder Marc Fleury left Red Hat in 2007. Times are good for Red Hat if its most recent financial results are a good indicator. But it seems as though Labourey is just ready to move on and take life a little slower too.
Karzai rushed the new Shia Family Law through parliament in a shameless bid to win votes in advance of national elections.
This is the first time I ever used Puppy Linux and the interface is really impressive. The install was not as simple as I expected it to be. (But then again, the Ubuntu-based distros have spoiled me, what can I say??? :) ). Also this is the first time I used JWM (Java Window manager). What really grasped me about Puppy Linux was how fast the applications launched. Also Puppy Linux reminded me of Slax on how fast the applications loaded, which is a good thing.
A quick bash script to help measure process cpu usage over time and, possibly, do something about it ;)
SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow Vulnerability
Cisco ASA Appliance WebVPN Cross Site Scripting Vulnerability
Hitachi JP1/Cm2/Network Node Manager Shared Trace Service Denial Of Service Vulnerability
Apple Safari XML Parser Nested XML Tag Remote Denial of Service Vulnerability
Sun Java System Calendar Server Duplicate URI Request Denial of Service Vulnerability
Access Analyzer CGI Unspecified Privilege Escalation Vulnerability
PrecisionID Data Matrix Barcode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
We recently received a Mac sample, with a Disk Image File (DMG) extension, that claims to be a MacCinema Installer. The file was downloaded from the following link:
• http://power-best.com/download/[...]/Flash.Player.Update.v9.19.dmg
This is a fake video site that serves a fake Adobe Flash Player update for Macs, supposedly to watch a video.
Anyway, when mounted the DMG file has a package file named “install.pkg”. Here’s the snapshot of what you get when you open the package:

The “install.pkg” file contains the following files:
We extracted the “Archive.pax.gz” which contains the following files:
We analyzed each file and found that “AdobeFlash”, “preinstall” and “preupgrade” are all the same thing, which is actually an obfuscated bash script:
So here’s the de-obfuscated script:
Based on the above code, the script searches for the string “AdobeFlash” in the Schedule Jobs list; if the string doesn’t exist, the script creates the following Schedule Job to run the “AdobeFlash” file every 5 hours.
* */5 * * * "/Library/Internet Plug-Ins/AdobeFlash" vx 1>/dev/null 2>&1
Here’s the de-obfuscated script after crontab instructions:
The above code reveals that it will download and execute files from the following site: http://94.247.2.[...]/cgi-bin/generator.pl.
Along with these downloads, it also sends the following information about the infected system:
• System Information Processor Type
• Computer Name
The downloaded file is also an obfuscated bash script:
Again, here’s the de-obfuscated script of the downloaded file:
The above code shows that it will modify the infected system’s DNS server to one of the following:
• 85.255.112.205
• 85.255.112.237
This range of IP Addresses is actually owned by UkrTeleGroup. We’d recommend blocking DNS traffic to 85.255.112.0 – 85.255.127.255.
Response Team post by — Lordian
On 31/03/09 At 09:37 AM
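A host-side check for the two indicators described in the post above, added here as an example and not part of the original analysis. It assumes resolver settings are available in resolv.conf format and that the crontab text comes from `crontab -l`; the function names and sample inputs are constructed for illustration.

```python
import ipaddress
import re

# Range named in the post: 85.255.112.0 - 85.255.127.255, i.e. exactly 85.255.112.0/20.
ROGUE_DNS_NET = ipaddress.ip_network("85.255.112.0/20")
# Path of the dropped file that the post says the scheduled job runs.
CRON_MARKER = "/Library/Internet Plug-Ins/AdobeFlash"

def rogue_resolvers(resolv_conf_text):
    """Return nameserver addresses (resolv.conf format) inside the rogue range."""
    hits = []
    for line in resolv_conf_text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed entry, nothing to compare
        if addr in ROGUE_DNS_NET:  # IPv6 addresses simply compare as not-in
            hits.append(str(addr))
    return hits

def suspicious_cron_lines(crontab_text):
    """Return active (non-comment) crontab lines that reference the dropped file."""
    return [ln.strip() for ln in crontab_text.splitlines()
            if CRON_MARKER in ln and not ln.lstrip().startswith("#")]

# Constructed sample inputs (hypothetical host state, not captured data).
SAMPLE_RESOLV = """\
nameserver 85.255.112.205
nameserver 192.0.2.53
nameserver 85.255.128.1
nameserver fe80::1
nameserver not-an-ip
"""
SAMPLE_CRONTAB = """\
0 3 * * * /usr/local/bin/backup.sh
* */5 * * * "/Library/Internet Plug-Ins/AdobeFlash" vx 1>/dev/null 2>&1
"""

if __name__ == "__main__":
    print("rogue DNS servers:", rogue_resolvers(SAMPLE_RESOLV))
    print("suspicious cron entries:", suspicious_cron_lines(SAMPLE_CRONTAB))
```

The same /20 test can be applied to DNS query logs or firewall flow records to find hosts already sending lookups to that range.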
Are you looking for free Blogger templates? Then here are two very well designed Blogger templates provided as a free download. They are aesthetic in their appearance and have a number of bells and whistles built in.
Threat Level: Washington D.C. Restaurants Become Credit Card Cloning Hot Spots "Four former servers at three upscale Washington D.C. restaurants blocks from the White House were arrested last week for allegedly using covert skimming devices"
