May 26th, 2009:

4108

IRC/SdBot (2), SWF/Exploit.Agent.AB (2), Win32/Adware.Antivirus2008, Win32/Adware.BHO.NCX, Win32/Adware.SpywareProtect2009 (2), Win32/Adware.XPGuard, Win32/Agent.PIS, Win32/Agent.PIX, Win32/AutoRun.Agent.IE (3), Win32/AutoRun.FlyStudio.KB, Win32/AutoRun.VB.CD, Win32/Delf.NHH, Win32/Injector.MB, Win32/Injector.MC, Win32/Injector.MD, Win32/Injector.NV, Win32/IRCBot.ADZ, Win32/Koutodoor.AB (4), Win32/Koutodoor.G, Win32/Kryptik.QN, Win32/Lanc.A, Win32/Pacex.Gen (2), Win32/PSW.OnLineGames.OIX, Win32/PSW.YahooPass.NAD, Win32/StartPage.BR, Win32/TrojanClicker.Agent.NGS (2), Win32/TrojanDownloader.Agent.OXU, Win32/TrojanDownloader.Agent.OYU, Win32/TrojanDownloader.Banload.OOC, Win32/TrojanDownloader.Banload.OOP, Win32/TrojanDownloader.Bredolab.AA (2), Win32/TrojanDownloader.Delf.ORH, Win32/TrojanDownloader.Small.OKW (2), Win32/TrojanDownloader.VB.NWO, Win32/TrojanDownloader.Zlob.CZK, Win32/TrojanDropper.Agent.NSS, Win32/TrojanProxy.Small.NCA, Win32/Wigon.KU

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6077&Itemid=26

It’s time for the FTC to investigate Mac security

When I read the headline about a security researcher who had published proof-of-concept code for a vulnerability, I was upset. To disseminate proof-of-concept code is to basically say, “Here is a way to attack computers for those of you who can’t figure out how to do it yourselves.” The analogy that comes to mind is to throw a gun on a playground and let kids figure out how to load it.

By the time I had finished reading the article, though, my attitude had changed.

The purpose of stunts such as this one is to embarrass a vendor into fixing problems and writing better software. The problem with that scheme is that even when it works exactly as planned, it is users who get hurt, not the vendor. A significant number of users just do not implement fixes when they are available. These people are the ones who suffer (along with all those innocent third parties who pay the price when the PCs belonging to inattentive users are compromised and added to a botnet).

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31474

90 percent of e-mail is spam, Symantec says

Spammers seem to be working a little bit harder these days, according to Symantec, which reported Tuesday that unsolicited e-mail made up 90.4 percent of messages on corporate networks last month.

That represents a 5.1 percent increase over last month’s numbers, but it’s nothing out of the ordinary. For years, spam has made up somewhere between 80 percent and 95 percent of all e-mail on the Internet.

Symantec reported that nearly 58 percent of spam is now coming from so-called botnets – networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam. The worst of the spamming botnets — called Donbot — generates 18.2 percent of all spam, according to Symantec.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31473

What’s Next for Energy Star

Now that the first-tier specification for energy-efficient enterprise servers is completed, the EPA is turning its focus to larger servers, blades and storage arrays. Energy Star director Andrew Fanara says that with the Tier 1 requirement in place, a key benchmark has been established that will help speed along future specification sets.

Two-and-a-half years and one far-ranging equipment specification later, the Environmental Protection Agency’s Energy Star program for data center equipment is now looking ahead to providing new levels of environmental guidance.

As of May 15, 2009, CTO/CIOs and data center managers evaluating various brands of servers for purchase have another important factor to consider: whether or not the server has passed the qualifications to wear the EPA’s Energy Star label as being energy-efficient and environmentally friendly.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31472

Microsoft Removes Windows 7’s “Crippleware” 3 App Limit

A reversal seemed highly likely from the moment Microsoft announced a 3 application limit in the Windows 7 Starter Edition OS planned for netbooks. You could practically hear the industry utter a collective boo even before the electronic ink was dry on that Microsoft decision. Credit Paul Thurrott who got the goods about Microsoft removing the app limit.

The 3 app limit (max of 3 applications running concurrently) was Microsoft’s way of stopping users from taking W7 Starter Edition and running it on more powerful hardware, figuring netbook users could get by with just running 3 apps concurrently. It may even be questionable whether most netbooks can run much more than 3 apps anyway. (I’m still not convinced networks will be much more than a very small niche part of the market, but then again, that’s for a different blog post.) But the last thing Microsoft needs to do is help out full featured netbook contender Linux, by imposing seemingly capricious limitations like the 3 app limit.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31471

O2 plays down Palm Pre carrier rumours

O2 has denied rumours that it is to become the exclusive carrier for the much-hyped Palm Pre smartphone when it launches in the UK later this year.

A report in The Guardian on Sunday claimed that O2 had sealed the deal with Palm, which has already signed up Sprint in the US where the Pre will be released in limited numbers next month.

However, an O2 spokesperson said today: “We do not comment on rumour and speculation, and have made no announcement on this particular handset.” If the rumour is confirmed, it will be good timing for O2. Although the company is currently the exclusive provider for the iPhone, Apple is expected to open up the handset to other operators in the UK.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31470

Nokia Ovi Store Lays Out Security Policy for Third-Party Apps

Nokia opened the Ovi Store today, offering mobile applications, games and other tools. Some of the apps available through the Ovi Store are developed by third-parties, and Nokia wants to ensure those apps are secure enough for primetime before users download them.

Nokia officially put the welcome mat at the door of its Ovi Store today, stocking its virtual shelves with mobile applications, games, productivity tools and more for dozens of models of Nokia phones.

Just like in the Apple App Store, some of those applications are developed by third-parties, making the task of ensuring the security of those applications important. In the case of Nokia, officials said they have put a review process in place to make sure the apps customers are getting are up to snuff.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31469

Japan: A spent technological force?

Walkman, compact disc, VCR, DVD, PlayStation; It reads like a roll call of the coolest gadgets of the last three decades, and Japan is responsible for making the bulk of them. From the Sony transistor radio in the 1950s to today’s global megahit, the Nintendo Wii, the technological prowess of Japan’s corporations has been a key engine of its economic success since its rise from the ashes of the Second World War.

But is the world’s second largest economy a spent technological force? This concern has been sharpened by the brutal balance-sheet realities of Japan’s once all-conquering consumer electronics sector. Hitachi leads the pack, filing a record annual loss of £5.3bn this month after announcing worldwide job cuts of 7,000 employees. Panasonic, the brand name of appliance giant Matsushita, has posted its first net loss in six years and will slash 15,000 jobs and shutter 40 factories. In the late 1980s, Matsushita was turning out two-thirds of the world’s video recorders, but now finds itself in a battle for market share with cheaper rivals.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31468

Mobile phone location technology fights card fraud

Ericsson is courting major banks with a security service the company thinks could cut down on credit card fraud as well as eliminate an inconvenience for travelers using cards overseas.

Banks are increasingly blocking credit card transactions in certain high-risk countries due to increasing levels of fraud. A business traveler who lives in the U.K. but goes to Russia can likely have a transaction rejected if the person hasn’t informed the credit card company of their travel plans. It’s embarrassing and inconvenient.

Ericsson’s IPX Country Lookup service uses a person’s mobile phone to provide a confirmation that a person is actually in the country where the transaction is carried out, said Peter Garside, U.K. and Ireland regional manager for Ericsson’s IPX products.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31467

Mac clone maker Psystar files for bankruptcy

Psystar, maker of the Open Computer, has filed for bankruptcy protection.

The papers were filed in a Florida federal court Thursday. Psystar is more than $250,000 in debt, according to the bankruptcy petition, owed mostly to shipping companies, the IRS, and the law firm Carr & Farrell. In the filing, Psystar pins its financial mess on the poor economy.

“Debtor sales have been greatly affected by the decrease in consumer spending. The financial crisis has also caused creditors to tighten up their terms and become more demanding for immediate payment,” the company said in a court document. Psystar also blames its partner vendors’ own financial problems, which resulted in Psystar having to pay higher prices on parts. At that point, Psystar was unable “to turn a significant profit in each sale.”

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31466

HP recalls another 15,000 laptop batteries

HP IS ONCE AGAIN blazing into the headlines with the firm embarrassingly having to recall thousands more laptop batteries which could spontaneously combust at any given moment.

A Chinese government website said the world’s biggest computer maker would have to recall 15,000 laptop batteries distributed throughout China, owing to dangers they might overheat and explode into flames. HP Pavilion, Compaq Presario and HP Compaq laptop users are advised to check the website if they bought their machines in China between late 2007 and early 2008.

The announcement comes just a short while after the U.S. Consumer Product Safety Commission (CPSC) made HP recall about 70,000 laptop batteries, also for fear of them dying a fiery death.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31465

Intel, IBM discuss 8-core ‘Nehalem’ server chip

Intel on Tuesday said it will ship a server chip that contains up to eight processing cores later this year, while IBM showed off a high-end server in the works that uses eight such chips, yielding 64 cores.

Intel’s Nehalem-EX processor, in production later this year and expected to be shipping in high-end server systems by early 2010, will feature up to eight cores inside a single chip that supports 16 threads, according to Boyd Davis, Intel’s general manager of the Server Platforms Marketing Group, speaking at a teleconference on Tuesday.

Using threads, Intel essentially doubles the amount of work that can be done on each processing core. IBM, which participated in the conference, discussed a server currently under development that uses 64 Nehalem-EX cores (eight processors) and can handle 128 threads, according to Alex Yost, vice president IBM BladeCenter. “We’re very excited today to be the first to demonstrate Nehalem-EX,” Yost said.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31464

New Memory Material May Hold Data For One Billion Years

Scientists are reporting an advance toward remedying this situation with a new computer memory device that can store thousands of times more data than conventional silicon chips with an estimated lifetime of more than one billion years. Their discovery is scheduled for publication in the June 10 issue of the American Chemical Society’s Nano Letters, a monthly journal.

Alex Zettl and colleagues note in the new study that some of today’s highest-density experimental storage media can retain ultra-dense data for only a fraction of a second. They note that William the Conqueror’s Doomsday Book, written on vellum in 1086 AD, has survived 900 years. However, the medium used for a digital version of the book, encoded in 1986, failed within 20 years.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31463

The Neverending ‘Year of Linux on the Desktop’ Debate

Now that Memorial Day has come and gone, summer is unofficially here. What better way to celebrate than with another rousing “Year of Linux on the desktop” debate?! Sure enough — it may be an oldie, but it’s clearly a goodie, and in recent days, bloggers far and wide have been ready and willing to entertain the question again.

In fact, two such topics have dominated the Linux blogs lately, and they’re inherently related. First came the well-worn question of whether Linux needs marketing, a topic that was kicked off when Danijel Orsolic noted that “Linux is not an OS.”

“Good luck with that,” quipped tuxchick on LXer, leading to more than 100 lively comments.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31462

The $800 Killer Gaming PC

It’s astonishing what a difference 15 months makes.

That’s how long it’s been since we last built a gaming rig for $800. Since then, the price war between AMD’s ATI division and Nvidia has become a pyre upon which Nvidia’s profits have been sacrificed. AMD’s CPU group and Intel have duked it out, too, with the low and midrange of the processor lines undergoing a price war.

Meanwhile, the price of storage and memory has also plummeted. About the only thing that hasn’t dropped much is the cost of the case and power supply. That all means that this year’s edition of the $800 gaming PC comes pretty close to being a no-compromises system, particularly if you’re running on a 20- or 22-inch, 1680×1050 displ

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31461