www.vanish.org

The Last Post

2008-02-16T07:46:00.008+10:30

Due to a change in circumstances, I will no longer be able to continue with this blog. The second anniversary was fast approaching, and I have enjoyed it, but alas, nothing lasts forever. All readers visit a number of sources for their news, so if the links below are not on your list, you may like to add a few.

Donna's SecurityFlash
Help Net Security - Off the Wire
heise Security
Krebs on Security
Threat Level - Wired.com
MSMVPS.COM [Blogs by Current and Former Microsoft Most Valuable Professionals]
Vanish.org Security News [4 feeds]

Goodbye, Farewell, Adios and Many Thanks

Conferences

2008-02-11T06:31:00.000+10:30

Linux.conf.au
Linux.conf.au is done and dusted for another year, and being the caring and sharing open source types that they are, they've kindly recorded all the talks and tutorials which were given to share with the world wide web. You can browse the topics and download them here - OGG is the video, SPX is the audio. If you're in a Windows environment, you can use the open source app VLC to view the OGG files.

Read more HERE.

Official Defcon 15 recordings online
After 6 months, Defcon has put the official recordings on their website. There are 122 video and audio files in total.

Have fun!

Software

2008-02-11T06:27:00.000+10:30

ESET SysInspector
ESET SysInspector is an application that thoroughly inspects your computer and displays gathered data in comprehensive way.

Read the article HERE.

New versions of Aircrack-ng WLAN
The developers of Aircrack-ng have published two new versions of their WLAN security-testing suite. The latest stable version 0.9.2 of airmon-ng supports more drivers than its predecessor and fixes some bugs. Airodump-ng can now handle 5-GHz channels, and Aireplay-ng can now talk to the real-time clock under Linux. The unstable version 1.0 has also been updated to Beta2

Read the article HERE.

My Lockbox
My Lockbox is a free program that can quickly hide and password protect a folder and all files/folders within it from being shown in the Windows files system, and will do so under Windows safe mode as well.

Read the article HERE.

BitTorrents

2008-02-11T06:23:00.000+10:30

Apart from The Pirate Bay guys, most tracker administrators are acutely aware of the risks they expose themselves to, and do everything they can to hide in the shadows. We speak to a tracker owner to find out the kind of measures these guys take in order to protect their identities.

Read the article HERE.

Avoid Downloading Fake Torrents
BitTorrent tracker SeedPeer ensures quality torrents by verifying downloads before it seeds them in its verified torrents section. That means that if you've ever spent hours downloading a torrent to find that you'd been duped by a fake download, you should be able to download with confidence from SeedPeer's verified torrents.

Read the article HERE.

YouTorrent
YouTorrent is “the world’s first real-time torrent comparison search engine” according to the site itself. The site is a meta search engine, which means that it doesn’t host any torrent files itself. It currently searches 12 sources; Mininova, The Pirate Bay, IsoHunt, MyBittorrent, NewTorrents, SuprNova, Monova, Vuze, BitTorrent, LegitTorrents, SeedPeer and BTjunkie.

Read the article HERE.

Top 10 BitTorrent Tools and Tricks
BitTorrent is the go-to resource for downloading everything from music and movies to software and operating systems, but as its popularity continues to grow, so do the number of tools available for making the most of it. Some are must-haves, while others are a waste of time. Climb aboard for a look at 10 of the best BitTorrent utilities, tools, and resources for finding and managing your BitTorrent downloads quickly and efficiently.

Read the article HERE.

TechNet Magazine - February 2008

2008-02-11T06:14:00.000+10:30

Sharepoint : Office Communications Server : High Performance Computing : Microsoft Office

Read the magazine HERE.

Hackers Exploiting Adobe Reader Flaw

2008-02-10T07:17:00.000+10:30

Security Fix has learned that at least one of the security holes in the popular Adobe Reader application that was quietly patched by Adobe this week is actively being exploited to break into Microsoft Windows computers.

Read the article HERE.

Solving Online Identity Theft

2008-02-10T07:16:00.000+10:30

Imagine you could prove you were 21 without revealing your date of birth -- or anything else about you, for that matter. Or qualify for a loan without disclosing your net worth. Or enjoy the benefits of e-commerce, e-health and e-government without a moment's fear that you are open to identity theft. Sound impossible? It is. But it won’t be if cryptographer and entrepreneur Stefan Brands has his way.

Read the article HERE.

Another google horror story

2008-02-10T07:14:00.000+10:30

I'm a very experienced internet user, which is part of why I've asked not use my name. I'm the -last- person that should be a phishing victim, yet it happened to me. Since it happens to internet professionals far less than, say, the clueless relatives of internet professionals, of course we blame it on the user.

The design problem is you want the site's interface to be uniform every time you visit, this tells the user "this is the real gmail". But this is what the phishers are exploiting. If the site was somewhat different every time you visited, it would be jarring and perhaps cause more people to look at the URL to make sure they were in the right place. Bank of America uses a "personal icon" that you should see to ensure it's the right server. It's not the most elegant solution, but it is a step in the right direction.

Read the article HERE.

The Coolest Hacks of 2007 - Part II

2008-02-10T07:13:00.000+10:30

Just when you thought it was safe to go back online, we offer a new round of offbeat attacks that might make you think twice. Bluetooth, taxicabs, printers, unlaunched browsers, toasters, and road signs: Each was hacked in the past year by inventive researchers whose curiosity got the best of them. The coolest hacks are like that.

Read the article HERE.

The Flow of MBR Rootkit Trojan Resumes

2008-02-10T07:12:00.000+10:30

Back in final weeks of 2007 the GMER team discovered the emergence of a new rootkit that hooked into the Windows master boot record (MBR) in order to take control of a compromised computer.

Read the article HERE.

'L0pht ' Reunion on Tap

2008-02-10T07:09:00.000+10:30

Former rock bands have done it, and now a 1990s hacker group is getting back together -- for at least one show, anyway. Several members of the famed hacker group The L0pht Heavy Industries will reunite in March on a security conference panel.

Read the article HERE.

Crack for Windows Live captcha

2008-02-09T08:37:00.001+10:30

Spammers are using a sophisticated piece of software that can create thousands of Windows Live email addresses by cracking the protections designed to prevent the large-scale creation of fraudulent accounts.

Read the article HERE.

New Authentication Scheme Proposed

2008-02-09T08:36:00.001+10:30

Researchers have built a prototype authentication technique that could ultimately reduce the risk of attackers hacking users' credentials via a keylogger or spyware.

Read the article HERE.

To sudo, or not to sudo

2008-02-09T08:35:00.000+10:30

If you've dabbled even a little bit with security matters, you know that giving root rights or the root password to a common user is a bad idea. But what do you do if a user has a valid need to do something that absolutely requires root rights? The answer is simple: use sudo to grant the user the needed permissions without letting him have the root password, and limit access to a minimum.

Read the article HERE.

It's raining security updates

2008-02-09T08:33:00.000+10:30

Mozilla pushed out a new update of Firefox on Thursday that fixes ten security vulnerabilities, three of which are deemed critical.

Read the article HERE.

Antivirus company's Web site hacked

2008-02-09T08:32:00.000+10:30

The Web site for Indian antivirus vendor AvSoft Technologies has been hacked and is being used to install malicious software on visitors' computers.

Read the article HERE.

Changing the face of flaw disclosure

2008-02-09T08:14:00.000+10:30

The old image of vulnerability researchers is the teenage outcast tinkering away in the basement, finding flaws in Windows machines, Oracle databases and Cisco routers and releasing proof-of-concept exploit code at will to the dismay of the affected vendor. But somewhere along the way, something changed.

Read the article HERE.

Third of security practices useless

2008-02-08T08:16:00.001+10:30

In a presentation here yesterday, Tippett -- who is vice president of risk intelligence for Verizon Business, chief scientist at ICSA Labs, and the inventor of the program that became Norton AntiVirus -- said that about one third of today's security practices are based on outmoded or outdated concepts that don't apply to today's computing environments.

Read the article HERE.

JavaScript zaps iPhone and iPod

2008-02-08T08:15:00.001+10:30

Security researchers have discovered you can crash an iPhone through the medium of a cleverly crafted webpage. The exploit, dubbed a "memory exhaustion remote denial of service vulnerability" by the SecurityFocus website, affects Apple's Mobile Safari web browser, a key component of both the iPhone and the iPod Touch.

Read the article HERE.

The Storm Worm's Family Tree

2008-02-08T08:13:00.000+10:30

New research suggests that the infamous Storm worm has its roots in a computer worm that first surfaced as early as 2004, two-and-a-half years prior to Storm's widely-recognized birthday.

Read the article HERE.

Microsoft News

2008-02-08T08:05:00.000+10:30

MS Patch Tuesday Barrage
After a relatively light Patch Tuesday load in January, Windows administrators are bracing for a barrage of security updates from Microsoft. According to the software maker's advance notice mechanism, there are 12 bulletins slated for release Feb. 12. Seven of the 12 will be rated "critical," Microsoft's highest severity rating.

Read the article HERE.

Final Version of Vista SP1 Test
Microsoft's newly released Service Pack 1 may solve some of the performance glitches that have annoyed Windows Vista users and discouraged others from adopting the OS, but it doesn't appear from our initial tests to be a panacea. In our first tests of the service pack, file copying, one of the main performance-related complaints from Vista users, was significantly faster. But other tests showed little improvement and in two tests, our experience was actually a little better without the service pack installed than with it.

Read the article HERE.

Microsoft responds to Save XP petition
In response to Infoworld's petition and other pro-XP outpourings of support, a Microsoft spokesperson in the US told Computerworld: "We're aware of it, but are listening first and foremost to feedback we hear from partners and customers about what makes sense based on their needs. That's what informed our decision to extend the availability of XP initially, and what will continue to guide us".

Read the article HERE.

Microsoft cuts Windows 7 features - already
Features are being shed left and right. The latest one is graphics a API, DirectX 11 in this case. From what we are told by reliable sources. MS was keen on having DX11 be part of Windows 7. DX10, which while technically pretty nifty, is saddled with Vista as an arm twist mechanism, so it is taking off like a water buffalo with bunions and a weight problem.

Read the article HERE.

When security improvements backfire

2008-02-07T08:30:00.001+10:30

Recently, when conducting an (authorized) security review at a small web hosting provider, I ended up as "root" on all their Unix systems within a matter of hours, and did not even need any l33t buffer overflow or the like. Well-meaning system administrators had tried to improve security of their servers, and had unwittingly ended up making life much easier for the bad guys.

Read the article HERE.

Adobe, Apple Issue Security Updates

2008-02-07T08:29:00.000+10:30

Adobe has released an update to its free Adobe Reader application that corrects more than two dozen bugs, including several security holes. Separately, Apple this week pushed out a patch to plug a single security vulnerability in its iPhoto application.

Read the article HERE.

Hack Your Home Router Challenge

2008-02-07T08:28:00.000+10:30

In the wake of two fairly bad stories about cross-site request forgeries (CSRF), there’s a new challenge on the wind: Hack your home router! The catalysts for this challenge were some recent real-world CSRF-based attacks -- a user's domain being compromised due to a hole in Gmail, and Mexican banking customers' credentials getting stolen after their routers were compromised.

Read the article HERE.

TrueCrypt 5.0 Released

2008-02-07T08:27:00.000+10:30

Among the new features are the ability to encrypt a system partition or entire system drive (i.e. a drive where Windows is installed) with pre-boot authentication, pipelined operations increasing read/write speed by up to 100%, Mac OS X version, graphical interface for the Linux version, XTS mode, SHA-512, and more.

Read the article HERE.