IBM Tivoli Key Lifecycle Manager Password Unspecified Vulnerability
Security Revealed
I expect many of you already were aware of this, but I can imagine at least some of you aren’t yet, so here goes: apparently you can lift the usage restrictions from Adobe PDF files by simply forwarding them as attachments to your Gmail account and opening them in HTML mode right from your inbox. That way, you can copy whatever the ‘secured’ PDF contains to a text editing program and do whatever you want with it.
For your reference: PDFs (Portable Document Format) can be encrypted so that a password is needed to view or edit its content, and they can also contain embedded DRM restrictions that provide further controls that limit copying, editing or printing.
British hacker Gary McKinnon has finally lost his latest High Court bid to avoid extradition to the United States to face charges for breaking into US military and Nasa computers in 2001 and 2002. After his arrest, and without a lawyer present, McKinnon admitted to hacking, but denies it was malicious or that he caused damage costing $800,000 (£487,000). The argument of his lawyers was not that he shouldn’t be tried, but that he should be tried in the UK and that his extreme Asperger’s Syndrome, an autism spectrum disorder, should be taken into account, especially since it could lead to suicide if he were to be extradited.
He faces up to 70 years in prison if convicted in the U.S. of what prosecutors have called “the biggest military computer hack of all time”. He accessed 97 government computers belonging to organisations including the US Navy and Nasa.
Now, exactly what was this hack? McKinnon has always insisted he was looking for classified documents on UFOs which he believed the US authorities had suppressed. This is not a normal guy here. This is a mega geek who believed in UFOs. We’re not talking terrorist material. He’s been described as a 43-year-old “UFO eccentric”.
In fact McKinnon’s case reminds me very much of the story of John Forbes Nash, Jr., the subject of the 2001 movie A Beautiful Mind. Nash was a mathematical genius who suffered from extreme paranoia – but his work on game theory ended up contributing to U.S. strategy during the Cold War.
Should Gary McKinnon therefore be left to rot in a U.S. jail for the rest of his life? Or should his skills be put to better use?
Phil Muncaster, V3.co.uk, Friday 31 July 2009 at 10:43:00
Nasa hacker faces near-certain extradition
Nasa hacker Gary McKinnon has lost his latest bid to be tried in the UK, and is now almost certain to face trial in the US.
Despite widespread support for his case from London mayor Boris Johnson, the Daily Mail and several MPs, McKinnon was told by the High Court that he must be extradited to the US.
According to reports, Lord Justice Stanley Burnton and Mr Justice Wilkie said that extradition was “a lawful and proportionate response to his offending”.
The 43-year-old from London has admitted hacking into the computer systems of the Pentagon and Nasa in 2001 and 2002, claiming that he was looking for evidence of extraterrestrial life.
McKinnon’s defence team has argued that the US authorities are likely to make an example of McKinnon and punish him with the maximum possible sentence, potentially 60 years in a maximum security prison.
Glasgow-born McKinnon has appealed to the home secretary, the European Court of Human Rights and the Crown Prosecution Service to be tried in the UK, and this judicial review in the High Court could be his last chance.
Supporters of McKinnon have argued that the Asperger’s sufferer would be unable to cope with life in a maximum security prison. Earlier this month the Conservative Party got behind McKinnon, using his case to question current extradition laws.
We’ve been following sqlmap since it first came out in February 2007, and it’s been quite some time since the last update, sqlmap 0.6.3, in December 2008.
For those not familiar with the tool, sqlmap is an open source command-line automatic S…
Jokes Portal Script Seo version 1.0 suffers from a cross site scripting vulnerability.
V3.co.uk, Friday 31 July 2009 at 10:25:00
The latest news from the Black Hat 2009 conference
Iain Thomson reports from Las Vegas on developments in the security world, including Bruce Schneier’s new theories about humans’ innate inability to comprehend computer security, attacks against Advanced Encryption Standard and Public Key Infrastructure, and Microsoft’s community security initiative.
When does free speech become a club that actually stifles the free flow of ideas? That’s just one potential ramification of the question posed to the FOSS community this week: What makes someone a “shill”? This negative label can come with a pretty sharp sting. Does concern over negative criticism and even ostracism cause some people to keep their good ideas to themselves?
Iain Thomson at Black Hat USA 2009 in Las Vegas, V3.co.uk, Friday 31 July 2009 at 09:09:00
The neocortex is ‘still in beta’, says security expert
Security expert Bruce Schneier told delegates at the Black Hat USA 2009 conference that the human brain is not suited to IT security in the modern world.
Schneier said in his address that, in evolutionary terms, the human brain cannot deal with the complex threats that dog the modern environment, and that computer security is unlikely to be solved in our lifetimes.
“We have Stone Age brains. We respond to stories not data,” he said. “We are very good at living in small family groups in the East African highlands, but we do not have a lot of experience in the modern world.”
Schneier suggested that this had a direct relevance to computer security in that humans tend to think along narrative rather than empirical lines. For example, having a firewall is perceived as a great protector of a computer, but in fact a poorly configured firewall is worse than useless.
He also cited biometrics and airport security as cases in point, where seemingly good security measures are actually counterproductive.
There are two key parts of the brain that respond to stress. The amygdala, which is one of the oldest parts of the brain stem, deals with the fight or flight reflex. This is present in ancestors as far back as fish.
But advanced mammals have the neocortex, which makes people think rationally about the potential risks. This is how humans mitigate risks and rewards.
“This only exists in mammals. It is the newest part of the brain, kind of still in beta testing,” said Schneier, giving the example of someone getting a dressing down from their boss and not feeling inclined to stab the person or run away.
However, this logical reasoning comes with certain costs, and raises interesting questions from a security standpoint.
Humans are story-telling creatures, Schneier explained, and good stories capture our interest despite the fact that they may be factually harmful. This tendency in humans will make security a hard goal to reach.
Online media company Phoronix Media has announced the availability of version 2.0 of its Phoronix Test Suite (PTS) and the pre-release of PTS Desktop Live 2009.3 (code named “Gernlinden”). According to Phoronix founder Michael Larabel, Phoronix Test Suite 2.0 and PTS Desktop Live 2009.3 (beta) will both be available on the 4th of August.
This post is part of a series of articles I am writing about SUSE Studio and software appliances. In my last post, I gave an overview of software appliances. In this post, I’m going to get more technical and boast a bit about one of my favorite features in SUSE Studio. SUSE Studio is a web service that makes it fun and easy for anyone with a couple of years of Linux experience to build a software appliance, or your own custom Linux distribution, in less than ten minutes.
Mandriva Linux Security Advisory 2009-175 – Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue.
Mandriva Linux Security Advisory 2009-176 – git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. This update provides fixes for this vulnerability.
A culture that cannot distinguish between reality and illusion dies. A visit to a Las Vegas porn convention reveals we are dying now.
Mandriva Linux Security Advisory 2009-178 – Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses. Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses. This update provides fixes for these vulnerabilities.
PTC Script version 1.2 suffers from multiple cross site scripting vulnerabilities.
This is WFTL Bytes!, your occasiodaily FOSS and Linux news show for Wednesday, July 29, 2009, with your host, Marcel Gagné. On today’s newscast . . . an unholy alliance (or a really good one, depending on who you ask), Yahoo turns B-movie monster, Alfresco cosies up to Ubuntu, TUX is in your pocket, and “What are you? Color-blind!”
CentOS is not dead or going away. The signers of the Open Letter are fully committed to continue the CentOS Project. Updates and new releases will continue.
In Las Vegas, the first day of the Black Hat briefings is nearly complete. Black Hat is one of the biggest security conferences and always attracts skilled researchers to present their work.

Having worked quite a bit with our BlackLight rootkit scanning technology I ended up sitting a lot in the Rootkit track sessions. Day 1 included some interesting presentations:
Stoned Bootkit, Peter Kleissner
Peter presented an open development framework for creating rootkits that activate early on in the boot process using the Master Boot Record. Most of the technology is something we’ve seen in previous research, but the scary part lies in the extensibility of the Stoned Bootkit.

Peter briefly touched on some sample extensions. One example was the CO2 rootkit plugin that used ACPI to slow the CPU down to save the environment! Now this is all very nice, but I expect that the most enthusiastic users for the Stoned Bootkit framework will be in the malware author community. And please take my word on this: they’re not in it to save the rainforests.
Introducing Ring -3 Rootkits, Alexander Tereshkin and Rafal Wojtczuk
Rootkits keep developing. In the past years, they’ve gone from usermode (Ring 3) to the kernel (Ring 0), from kernel to the hypervisor (Ring -1) and all the way to System Management Mode (Ring -2).

Alexander and Rafal explored the possibility of running malicious code in the Intel AMT execution environment. AMT is meant for remote management, but unfortunately what is remote management for the good guys is a rootkitted backdoor for the attackers. I’m betting this is not the end of the rootkit countdown, though. Anyone care to guess where the Ring -4 rootkits will run? I’m sure we’ll see soon.
Of course not everything has been about rootkits. The first day included not one but two interesting talks on X.509, which is one of the building blocks of SSL/TLS.
Among other things, Moxie Marlinspike and Dan Kaminsky had independently found a problem in most implementations that enables an attacker to create certificates that appear valid for any web site. By cleverly embedding NULL characters in the certificate name field, a browser will incorrectly match a malicious certificate to a valid web site. Nice work from both researchers!
Signing off from Las Vegas,
Antti
PS. If you are attending, don’t miss Mikko’s talk on the Conficker worm on Thursday afternoon!
On 30/07/09 At 02:52 AM
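The X.509 name-matching bug described in the Black Hat post above, as an added example (not from the original post or from either researcher's work): a C-string style comparison stops at the first NUL byte in a certificate Common Name, while a hardened matcher rejects any name containing a NUL and compares the full length-delimited string. The certificate names are constructed for illustration.

```python
# Added example, not from the original post: shows why a C-string style
# comparison of a certificate Common Name is fooled by an embedded NUL byte,
# and a hardened matcher that treats any NUL as a mismatch. The names below
# are constructed for illustration only.

# Constructed CN: the text before the NUL reads like a real host name.
CONSTRUCTED_NUL_CN = b"www.example.com\x00.other.example"


def cstring_match(cert_cn: bytes, hostname: str) -> bool:
    """Buggy matcher mimicking strcmp()-style handling: only the bytes up to
    the first NUL are compared, so everything after the NUL is ignored."""
    visible = cert_cn.split(b"\x00", 1)[0].decode("ascii", "replace")
    return visible.lower() == hostname.lower()


def hardened_match(cert_cn: bytes, hostname: str) -> bool:
    """Hardened matcher: reject any name containing a NUL byte, then compare
    the full length-delimited name label by label. A leading '*' label is
    accepted only for a single label and only when at least two labels
    follow it."""
    if b"\x00" in cert_cn:
        return False
    try:
        cn = cert_cn.decode("ascii").lower()
    except UnicodeDecodeError:
        return False
    cn_labels = cn.split(".")
    host_labels = hostname.lower().split(".")
    if len(cn_labels) != len(host_labels) or "" in cn_labels:
        return False
    if cn_labels[0] == "*":
        return len(cn_labels) >= 3 and cn_labels[1:] == host_labels[1:]
    return cn_labels == host_labels


def compare_matchers(cert_cn: bytes, hostname: str) -> dict:
    """Return both verdicts side by side for one certificate name."""
    return {"cstring": cstring_match(cert_cn, hostname),
            "hardened": hardened_match(cert_cn, hostname)}


if __name__ == "__main__":
    print(compare_matchers(CONSTRUCTED_NUL_CN, "www.example.com"))
    # {'cstring': True, 'hardened': False}
```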
By now, you’ve heard the horror stories. Developers put their heart and soul into building an application for the iPhone App Store only to have it rejected by Apple. And sometimes apps are at first accepted and then later pulled for odd reasons. And sometimes app updates are rejected, even though there isn’t much difference with the version accepted. We get a half dozen or so stories sent to us now every single day. It’s no wonder that a lot of mobile developers are growing wary of the App Store. But Steven Frank is not one of those developers.
Steven Frank doesn’t make iPhone apps, specifically for the reasons stated above. But he is a very popular Mac developer, that co-founded the OS X development house Panic, makers of the popular coding application Coda, among other apps. Frank is well-known in some circles as a Mac enthusiast. You know, the kind of person that is often derided as a “fanboy.” And that’s why what I’m about to tell you is surprising: He’s ditching his iPhone.
Black Hat USA 2009 is history. My two classes of TCP/IP Weapons School 2.0 went very well. I should be back to teach in DC, Barcelona, and Las Vegas next year. Thank you to my students for your positive feedback and cooperation in class! Despite yo…
What will happen as Linux continues to grow, and especially as it reaches increasing numbers of unsophisticated users? Doesn’t common sense dictate that it will suffer increasing levels of attack and compromise?