Hack In The Box

Weird Windows Woes: Fix Random Freezes, Test Mode

admin — Wed, 08 Sep 2010 02:12:00 +0000

PC World - Of all the hassles that can plague a PC user (and, trust me, there are many), few are as infuriating as random lockups. There you are, typing along, when suddenly everything just freezes. No error message, no blue screen, just a locked-up, unresponsive system. I’ve been there. I feel your pain.

If you’re a Windows 7 (or Windows Server 2008 R2) user, you may be in luck: Microsoft recently issued a hotfix for systems that stop responding randomly.

What causes the problem? Microsoft says it’s “a deadlock condition between the Lsass.exe process, the Redirected Drive Buffering Subsystem (Rdbss.sys) driver, and the Winsock kernel.” Well, duh! That was going to be my first guess.

The hotfix is available for both 32- and 64-bit versions of Windows 7. (Fun fact: you’ll often see these versions represented as “x86″ and “x64,” respectively.) To get

… Read the rest

Weird Windows Woes: Fix Random Freezes, Test Mode is a post from: Hack In The Box

ACLU Sues Over Warrantless Laptop Border Searches

admin — Wed, 08 Sep 2010 00:09:36 +0000

An Obama administration policy allowing U.S. border officials to seize and search laptops, smart phones and other electronic devices for any reason was challenged as unconstitutional in federal court Tuesday.

Citing the government’s own figures, the American Civil Liberties Union and the National Association of Criminal Defense Lawyers claim about 6,500 persons had their electronic devices searched along the U.S. border since October, 2008. In one instance, according to the lawsuit filed in New York, a computer laptop was seized from a New York man at the Canadian border and not returned for 11 days. The lawsuit seeks no monetary damages, but asks the court to order an end to the searches.

“All we want is that the government has to have some shred of evidence they can point to that may turn up some evidence of wrongdoing,” says ACLU attorney Catherine Crump.

The so-called… Read the rest

ACLU Sues Over Warrantless Laptop Border Searches is a post from: Hack In The Box

Spammers exploit second Facebook bug in a week

admin — Tue, 07 Sep 2010 23:58:00 +0000

Computerworld - Facebook today said it has fixed the bug that allowed a spamming worm to automatically post messages to users’ walls earlier this week.

The flaw was the second in the past week that let spammers flood the service with messages promoting scams.

Last week, Facebook quashed a different bug in its photo upload service that let a spammer post thousands of unwanted wall messages.

The newest worm was noticed Monday by researchers at a pair of antivirus vendors, Finland-based F-Secure and U.K.-based Sophos.

“A clever spammer has discovered a Facebook vulnerability that allows for auto-replicating links,” said Sean Sullivan, an F-secure security researcher. “Until now, typical Facebook spam has required the use of some social engineering to spread.”

Clicking on the link to the bogus application automatically added the app to users’ profiles, then automatically reposted a status message with a

… Read the rest

Spammers exploit second Facebook bug in a week is a post from: Hack In The Box

SB10-249: Vulnerability Summary for the Week of August 30, 2010

admin — Tue, 07 Sep 2010 23:34:07 +0000

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be

… Read the rest

SB10-249: Vulnerability Summary for the Week of August 30, 2010 is a post from: Hack In The Box

Apple leaks Wednesday release for iOS 4.1

admin — Tue, 07 Sep 2010 21:48:00 +0000

Computerworld - Apple has revealed that the iOS 4.1 update will be launched tomorrow.

For a brief time over the weekend, the company’s U.K. site stated that the update, which CEO Steve Jobs said would be released this week, would be available Wednesday, Sept. 8.

The site was quickly revised to show a notice saying only that the download was “Coming soon,” the same message that has been posted on Apple’s U.S. site since Jobs introduced the operating system upgrade and touted its new features last week.

Along with new functionality included with iOS 4.1 — ranging from “high dynamic range” (HDR) photography that produces more detail in over- and under-exposed areas, to the launch of Apple’s Game Center multi-player online network — Jobs also promised that the update would fix some of the bugs in iOS 4.0 that users have been complaining

… Read the rest

Apple leaks Wednesday release for iOS 4.1 is a post from: Hack In The Box

Control smartphone usage with Exchange 2010 ActiveSync

admin — Tue, 07 Sep 2010 21:16:26 +0000

Users in Exchange-based organizations enjoy comprehensive built-in mobility via ActiveSync; however, even as users clamor for smartphones, IT needs to make sure that these services are used in ways that are consistent with organizational policies. Although some users believe that these policies can be constraining, the situation would be much worse if the mobile device were to create a major security incident.

There are a variety of third party solutions to manage, monitor, and control mobile devices, but many organizations loathe spending a lot of money on these kinds of services and are most concerned with being able to simply control how devices interact with their systems. Exchange 2010 includes a number of administrative controls to help IT departments provide these mobility services while enabling automated methods by which user’s devices are required to adhere to policy.

This blog post is also available as

… Read the rest
Control smartphone usage with Exchange 2010 ActiveSync is a post from: Hack In The Box

Where is the point of demarcation with cloud services?

admin — Tue, 07 Sep 2010 21:14:00 +0000

Network World - The point of demarcation is important to service providers as it limits their exposure and risk, thus limiting their scope of responsibility and costs, but the growing popularity of cloud computing and hosted communications services promises to dramatically change the picture — perhaps most dramatically in the wiring closet.

Before hosted communications, most businesses’ wiring closets were filled with a calliope of data and voice equipment including CSU/DSUs, routers, firewalls, network security appliances, legacy KSU/PBX and sometimes a relatively new IP-PBX.

FAQ: Cloud computing, demystified

With cloud computing and hosted services, most of the logic and communications software moves to the service provider data center, allowing much of the old equipment in the wiring closet to be removed and replaced with a new generation of customer premise equipment, the Multi-Service Business Gateway (MSBG).

Manufactured by data and VoIP equipment companies, a
… Read the rest
Where is the point of demarcation with cloud services? is a post from: Hack In The Box

Seven Features To Look For In Database Assessment Tools

admin — Tue, 07 Sep 2010 18:59:32 +0000

As a follow-on to my “Essentials of Database Assessment” post, I want to go over some of the basic features and functions to look for in a database assessment product. There are many things to look for that differentiate one tool from another, but I’ll focus in on the top seven items you should review.

Here are the top seven features to evaluate in database assessment tools:

1. Expert Research &amp Current Policies: The principal cost in developing a database vulnerability assessment tool is the cost of building and maintaining a policy library. Thousands of man-hours go into policy research and creation, and how current the policies are have a major impact on the security of the database. Zero-day threats are just that, and the assessment vendors lead the database vendors in detection by days or weeks in advance. The vendor should release policy updates… Read the rest
Seven Features To Look For In Database Assessment Tools is a post from: Hack In The Box

On the job

admin — Tue, 07 Sep 2010 18:57:00 +0000

CSO - I’ve been very pleased to see the uptick, although uneven, in the economy. I have a couple things on my mind this month as a result of the improvement.

With some luck we’ll avoid a “double-dip” recession, but much of this depends upon the actions of our leaders. In the United States, the spate of regulatory legislation has had an unnerving effect, creating an environment in which businesses are not comfortable hiring workers or making capital investments. They will wait until they have a better understanding of the impact of new or proposed laws.

Regulations have been beneficial to the security industry in the past, and I believe they have helped to advance our cause. But regulations with broad scope, aimed at whole industry sectors or even economies, can throw us right back to where we were two years ago.

But now let
… Read the rest
On the job is a post from: Hack In The Box

Keep Your Browser Updated

admin — Tue, 07 Sep 2010 18:55:38 +0000

Topics:
Security Views : Vulnerability Management Tech Center

E-mail this page

| Print this page

|

Posted by Wolfgang Kandek,
Sep 7, 2010 09:55 AM

During the past Labor day weekend, I got pulled in by friends and relatives (some remotely) to take care of their computer-related problems.
We worked together on making sure automatic updates were enabled, removed unwanted software packages, and installed AV software where necessary. We also did some browser-related hygiene and in one case, removed five toolbars that had made their way into the system. These toolbars actually occupied one-third of the… Read the rest
Keep Your Browser Updated is a post from: Hack In The Box