Tuesday, October 16, 2007

BackTrack 3 In Testing
BackTrack 3 is currently in testing. No word yet on a release time.

Here is a little teaser.

Saturday, October 13, 2007

Microsoft gives in to denied IE vulnerability
"Microsoft has finally accepted responsibility for its role in a security weakness that allows malicious websites to run harmful code on an end user's machine. The acknowledgment of the vulnerability in Internet Explorer comes after three months of saying the burden lay with third-party software makers whose programs actually accepted the nasty payloads."

There goes Microsoft's credibility...again.

Full Article: http://www.theregister.co.uk/2007/10/12/microsoft_uri_reversal/

A Monster of a Trojan
"A Trojan horse mines Monster.com for personal details that could make fraudulent e-mail schemes more convincing, while evidence mounts that other job sites are also being attacked."

Full Article: http://www.securityfocus.com/news/11484

Friday, October 12, 2007

Businesses spend only 20% on security
"Security accounted for 20 percent of technology spending last year and it's expected to rise, according to a report released Tuesday."

Full Article: http://www.itnews.com.au/News/62760,businesses-spend-20-of-it-budgets-on-security-survey-shows.aspx

Wednesday, October 10, 2007

Office workers still the biggest threat to IT security
According to a new online survey from Sophos, regular employees pose the biggest threat to IT security.
Wow, who would have thought... /sarcasm

Full Article: http://www.sophos.com/pressoffice/news/articles/2007/10/network-threat.html

Linux Kernel v2.6.23 Released
"2.6.23 includes the new, better, fairer CFS process scheduler, a simpler read-ahead mechanism, the lguest 'Linux-on-Linux' paravirtualization hypervisor, XEN guest support, KVM smp guest support, variable process argument length, make SLUB the default slab allocator, SELinux protection for exploiting null dereferences using mmap, XFS and ext4 improvements, PPP over L2TP support, the 'lumpy' reclaim algorithm, a userspace driver framework, the O_CLOEXEC file descriptor flag, splice improvements, new fallocate() syscall, lock statistics, support for multiqueue network devices, various new drivers and many other minor features and fixes."

Release Notes: http://kernelnewbies.org/Linux_2_6_23

Tuesday, October 09, 2007

Content Aware Image Resizing
Could this technology have any practical applications in steganography? Think about it.

http://www.dailymotion.com/video/x2swhh_redimensionnement-intelligent-dimag_news

Ophcrack Live 1.2.1 Released
"Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux."

Official website

Undocumented Bypass in PGP Whole Disk Encryption
"PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."

http://it.slashdot.org/it/07/10/04/1639224.shtml