Print

Welcome to Smokey's Security Forums.

Guests have only limited access to the board and it's features, please consider registering to gain full access!

Registration is free and it only takes a few moments to complete.

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Quizmaster]

Security update for WordPress
4 August 2009, 2:16 pm

LinuxSecurity.com: The 2.8.3 security update for WordPress fixes several privilege escalation vulnerabilities, similar to the problems fixed in a previous update to version 2.8. The developers had overlooked some of the loopholes which 2.8.3 now closes.

Source: LinuxSecurity.com - Latest News

[Quizmaster]

NetBSD 5.0.1 released
3 August 2009, 2:06 pm

LinuxSecurity.com: The developers of NetBSD have announced the availability of NetBSD 5.0.1, the first "security/critical" update of the NetBSD 5.0 operating system. The update includes fixes for eleven security issues, including Denial of Service (DoS) problems with BIND and DHCP, buffer overflows in SHA2, ntp and hack, and signature verification bugs in OpenSSL. NetBSD 5.0 was released in April and featured improvements to threading and a rewritten scheduler.

Source: LinuxSecurity.com - Latest News

[Quizmaster]

Another New AES Attack
3 August 2009, 2:05 pm

LinuxSecurity.com: Read Bruce Schneier's always on-target analysis of cryptography, this time with information on the new attack against AES.A new and very impressive attack against AES has just been announced.

Source: LinuxSecurity.com - Latest News

[Quizmaster]

Pirate Bay foundering under heavy fireFile-sharing site The Pirate Bay suffered further setbacks thi
3 August 2009, 2:01 pm

LinuxSecurity.com: File-sharing site The Pirate Bay suffered further setbacks this week, after Italian lawyers reportedly announced plans to sue the site's owners, and a court in the Netherlands ruled that the site must block all access for Dutch users within 10 days.

Source: LinuxSecurity.com - Latest News

[Quizmaster]

Practical AES attacks get closer
2 August 2009, 3:55 pm

LinuxSecurity.com: Cryptologists have now developed even more sophisticated attacks on AES encryption systems. According to crypto expert Bruce Schneier, a team consisting of Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich and Adi Shamir have managed to crack reduced versions of AES-256 in practical length of time. Attacking nine-round AES-256 required 239 time, which is even feasible with an ordinary PC, while ten-round would require 245. The time required for eleven rounds, however, is just above practicality at 270. The attack exploits a vulnerability in the key schedule, a function AES-256 uses to derive sub-keys from the main key.

Source: LinuxSecurity.com - Latest News

[Quizmaster]

Defcon: New Hack Hijacks Application Updates Via WiFi
2 August 2009, 3:54 pm

LinuxSecurity.com: Researchers here tomorrow will demonstrate a way to hijack the application update process via WiFi and replace the updates with malware.  Itzik Kotler, security operation center team leader for Radware and Tomer Bitton, security researcher for Radware, say that the hack can be used against most of today's client application updates.

Source: LinuxSecurity.com - Latest News

[Quizmaster]

Crackers publish hackers' private data
31 July 2009, 4:26 pm

LinuxSecurity.com: On the eve of the Black Hat security conference, crackers published a comprehensive text document in the underground magazine Zero for Owned (ZF0), containing masses of emails, chat records, passwords and other private information belonging to famous members of the security industry. Evidently they captured the data by breaching the web servers of Kevin Mitnick, Dan Kaminsky and Julien Tinners. They boast of having captured 75,000 clear-text passwords this way, most of them from the databases of the forum systems running on the affected servers.

Source: LinuxSecurity.com - Latest News

[Quizmaster]

Jailbreaking iPhone could pose threat to national security, Apple claims
30 July 2009, 11:13 pm

LinuxSecurity.com: Apple stated in its filing that by changing the BBP's code, "More pernicious forms of activity may also be enabled. For example, a local or international hacker could potentially initiate commands (such as a denial-of-service attack) that could crash the tower software, rendering the tower entirely inoperable to process calls or transmit data. In short, taking control of the BBP software would be much the equivalent of getting inside the firewall of a corporate computer--to potentially catastrophic result."

Source: LinuxSecurity.com - Latest News

[Quizmaster]

Researchers exploit flaws in SSL, domain authentication system
30 July 2009, 7:59 pm

LinuxSecurity.com: Two researchers have separately uncovered flaws in the way domain names are verified on the Internet that could allow attackers to impersonate a site and steal information from unsuspecting Web surfers.

Source: LinuxSecurity.com - Latest News

[Quizmaster]

Open-source project aims to makes secure DNS easier
30 July 2009, 7:44 pm

LinuxSecurity.com: Very cool. It would be really nice to see a review of this project, and follow it as it progresses. Is anyone interested in reviewing it and letting us know how you make out?A group of developers has released open-source software that gives administrators a hand in making the Internet's addressing system less vulnerable to hackers.

Source: LinuxSecurity.com - Latest News

[Quizmaster]

Kaminsky Warns of SSL Vulnerabilities
30 July 2009, 7:01 pm

LinuxSecurity.com: Security researcher Dan Kaminsky made waves last year with his dramatic DNS security flaw that could have undermined the security of the Internet.  This year at Black Hat, he's back with another critical issue affecting the security certificates that secure Web sites.

Source: LinuxSecurity.com - Latest News

[MaB69]

Have You Been Hacked by Metasploit? Find Out!
29 July 2009, 8:03 pm

LinuxSecurity.com: At the Black Hat security conference in Las Vegas, Mandiant security researchers Peter Silberman and Steve Davis are releasing a new forensic framework on Wednesday that will make it possible to detect whether or not a host was hit by Metapsloit's meterpreter. The new tool could change the game when it comes to Metasploit-based attacks that previously could not be identified on the target machine.

Source: LinuxSecurity.com - Latest News

[MaB69]

Report: Spam and malware at all-time highs
29 July 2009, 6:14 pm

LinuxSecurity.com: Spam and botnets have hit their highest levels ever, according to McAfee's second-quarter Threats Report, released Wednesday. McAfee's Avert Labs says spam recorded in the second quarter shot up 80 percent compared with the first quarter of the year.

Source: LinuxSecurity.com - Latest News

[MaB69]

BIND name server vulnerable to DoS attacks
29 July 2009, 5:04 pm

LinuxSecurity.com: A vulnerability in the popular open source BIND9 name server allows attackers to remotely trigger a server crash. According to the error report, a single specially crafted "dynamic update" packet is all that is required to prevent IP addresses from being translated into server addresses. Authorised name-servers use dynamic updates to add, or remove, resource records to, or from, a zone.

Source: LinuxSecurity.com - Latest News

[MaB69]

3 Tips to Get the Most Out of Black Hat/Defcon
28 July 2009, 1:11 pm

LinuxSecurity.com: CSO Senior Editor Bill Brenner has been to enough Black Hat conferences to know it can be information overload. Here he offers a few suggestions for getting the most value out of the experience.

Source: LinuxSecurity.com - Latest News