Posted by Hacker on 09月 4, 2008
Google Chrome on September 3 release, you want to know what Google Chrome loopholes? ArtHack organizations to tell you that the “loophole” is indeed so, but you can easily make the Chrome collapse!
Chrome which claims to have the strongest memory management, labelling between Hubuyingxiang, bringing a higher stability.
But as long as you Chrome in the URL box type “:%” characters, you can swap the collapse of the entire browser, and prompts:“Whoa! Google Chrome has crashed. Restart now?” Read more »
Posted by Hacker on 09月 3, 2008
提示:为了所有国家的网络安全,网际网路流量开始绕道美国,在不久的讲来即可打破美国独霸全球互联网的局面,详情如下:
Invented by American computer scientists during the 1970s, the Internet has been embraced around the globe. During the network’s first three decades, most Internet traffic flowed through the United States. In many cases, data sent between two locations within a given country also passed through the United States.
Engineers who help run the Internet said that it would have been impossible for the United States to maintain its hegemony over the long run because of the very nature of the Internet; it has no central point of control.
And now, the balance of power is shifting. Data is increasingly flowing around the United States, which may have intelligence — and conceivably military — consequences.
American intelligence officials have warned about this shift. “Because of the nature of global telecommunications, we are playing with a tremendous home-field advantage, and we need to exploit that edge,” Michael V. Hayden, the director of the Central Intelligence Agency, testified before the Senate Judiciary Committee in 2006. “We also need to protect that edge, and we need to protect those who provide it to us.” Read more »
Posted by Hacker on 09月 3, 2008
Executive Summary: Database encryption can protect data on Microsoft SQL Server and other database platforms from internal and external attacks. Although SQL Server 2008 and SQL Server 2005 have built-in encryption features, best practice for implementing security solutions involves a layered approach that also incorporates third-party products. Database encryption products generally encrypt at the column level or the file level. Split-key ability, key storage, and ciphers used can be important factors in choosing the right solution for your environment.
Given recent well-publicized data leaks and beefed-up security regulations that require companies to publicly disclose when unencrypted data has been exposed, all companies not using database encryption should be asking themselves why not. At the simplest level, database encryption addresses the concern that an attacker might get through your network’s other defenses or that the attacker might be someone from inside the organization. Encrypting data helps keep your company’s name from appearing in the headlines next to disturbing phrases such as “security breach.” Read more »
Posted by Hacker on 08月 31, 2008
You’re a smart, safety conscious iPhone user, right? You keep the phone set to require a 4-digit passcode every time it wakes up, so if you ever lose your baby, all your personal information is safe. But if you are running v2.0.2 of the iPhone operating system, you might as well not bother. A simple hack will get anybody past your PIN code with free access to all your mail, contacts and bookmarks. Ouch!
Acting on a tip from the Mac Rumors forums, Gizmodo’s Jesus Diaz whipped up a video of the exploit in action, a ridiculously easy two-step process:
1. Tap emergency call.
2. Double tap the home button.
This drops you into the iPhones “favorites” section. From here you can make calls or send e-mail, and with a few steps you can browse to the Address Book and then on to Mail, Safari or the SMS application. Read more »
Posted by Hacker on 08月 29, 2008
According to Agence France-Presse reported, NASA confirmed on the 27th, a mysterious computer virus on the 25th to sneak into the international space station, the virus is lucky computer security software was immediately isolated, the virus did not work on the International Space Station implications.
NASA spokesman Kelly (Kelly Humphries) said that the astronauts in their own laptop computer found the “worm” computer virus, the astronauts used laptop computers and the U.S. state of Texas on the ground mission control center each other Receive and send e-mail and computer viruses may be in the process of the astronauts into the computer system.
According to reports, this is a malicious computer virus software, it can operate the computer keystrokes to steal the station’s computer passwords and other sensitive data, and the theft of information via the Internet back to create the virus The computer hackers. Read more »
Posted by Hacker on 08月 29, 2008
互联网
Security experts warned recently that the core Internet routing protocols - BGP (Border Gateway Protocol, BGP) A security vulnerability exists, this is the DNS vulnerability Puchu after the second serious loophole in the Internet.
In the Defcon security conference this month in a speech, security experts and Alex Pilosov Tony Kapela BGP demonstrated how to use the loopholes in the agreement to launch attacks.
By BGP agreement, the information can be different in the network of interaction between the domain of autonomy. In order to achieve this objective, BGP maintaining a network of available IP routing table, and able to find the most effective Internet communications routing. In their lecture, Pilosov Kapela demonstration and a user’s communications how BGP was hijacked and redirected, this illustrates is considered very safe before the half-way communications can be intercepted. Read more »
Posted by Hacker on 08月 28, 2008
VPN security issue is the core issue. At present, VPN security assurances mainly through the firewall, router, supported by the tunnel technology, encryption and security agreements to achieve the key, enough to ensure that employees secure access to corporate networks.
VPN security issue is the core issue. At present, VPN security assurances mainly through the firewall, router, supported by the tunnel technology, encryption and security agreements to achieve the key, enough to ensure that employees secure access to corporate networks.
However, if an enterprise needs to expand to the VPN remote access, we should note that these directly to the company network or on-line connection always will be the main objective of hacker attacks. This is because long-range work of the staff through the firewall from the personal computer can come into contact with the company budget, strategic plans and projects, and other core elements, which constitute the company’s security weaknesses in the defense system. Although employees will be able to double to improve work efficiency, and reduce traffic on the time it takes, but also for hackers, competitors and business spies into the company has provided numerous opportunities for the core network. Read more »
Posted by Hacker on 08月 27, 2008
Security awareness of the history of the most classic of the three major loopholes in cattle virus
Use of systems, software vulnerabilities to launch attacks, is increasingly becoming a trend, here let us look at the history of the three major loopholes in the cattle virus.
Code Red
July 2001, the new network virus “Code Red” full-blown, it will be the first network worms, viruses, Trojans, as one of procedure, the network took a first step in the evolution of the virus epoch-making. Microsoft IIS vulnerability virus spread, resulting in a wide range of Internet access slowed down or even block, to the site can also dished out a lot of data servers, network eventually lead to paralysis.
However, because of IIS is not installed by default in the windows system components, so individual users has not been devastating impact, but the outbreak of this virus, bringing to the global loss of 2.6 billion U.S. dollars. Read more »
Posted by Hacker on 08月 27, 2008
Some people have been previously suspected virus is not safe to do their business out of the whole, there is no direct evidence has been disclosed. Recently saw a silver net against Trojan attacks launched to the arrest of news.
In this case, the suspects for personal development of a network of silver Trojans, targeted a bank’s digital certificate, net silver account password.
Silver reminded that the network users, mobile digital certificates with the best of each spent on the disconnect. Use of paper-based digital certificates is also quite safe, careful not to back up the digital certificate stored in local hard disk. Attack, even by the number of net-user certificates, account number and password, the attacker would like to sign in net silver operation, must be in their own computer to complete a certificate of rehabilitation, re-sign after the completion of the relevant banking business. In the process of restoration of the certificate, the banks will be asked customers to apply for the use of digital certificates to create a number of security issues, the wrong answer on the resumption of failure. Moreover, the success or failure of all the news through mobile phone messages or e-mail notice to customers. Therefore, the 24-hour phone start-up is a good habit. Read more »
Posted by Hacker on 08月 26, 2008
How you look at the phenomenon of hackers and hacking ? Worship ? Despised ? Or fear ? This article will introduce you to eight Chinese hackers used the tool and its method of defense. It is worth noting, these are just the initial hacking, or even hackers is not the “hackers” are the tools used. It seems that the real hackers in these tools is the primary, but these hacking tools of our ordinary users of mass destruction is very large, there is a need to tell us about their characteristics and defense methods.
This paper presents several representative hacking tools, we really have to master the course, not how to use these hacking tools, but through their understanding of hacking tools, master the methods to prevent hacker attacks, blocking all kinds of loopholes that may arise .
Read more »
Posted by Hacker on 08月 26, 2008
受影响系统:
Trend Micro OfficeScan 8.0
Trend Micro OfficeScan 7.3
Trend Micro OfficeScan 7.0
Trend Micro Worry-Free Business Security 5.0
描述:BUGTRAQ ID: 30792
CVE(CAN) ID: CVE-2008-2433
OfficeScan是一种针对整个网段的分布式杀毒软件。
OfficeScan的web管理控制台使用了不充分的熵用于创建识别已认证管理员的随机会话令牌。当真正的管理员登录时,会话令牌的熵仅来自于系统时间,细粒度为1秒。攻击者可以相对容易的暴力猜测到认证令牌,扮演成当前登录的管理员,然后通过操控配置完全控制系统。 Read more »
Posted by Hacker on 08月 25, 2008
Systems affected:
Opera Software Opera <9.52
Will not be affected system:
Opera Software Opera 9.52
Description:
BUGTRAQ ID: 30768
Opera is a popular
WEB browser, support for multiple platforms.
Opera’s version 9.52 before in a number of safety loopholes, and could allow a malicious user implementation of deception and cross-site scripting, leaking sensitive information or complete invasion of a user’s system.
Read more »
Posted by Hacker on 08月 21, 2008
受影响系统:
VideoLAN VLC Media Player 0.8.6i
描述:BUGTRAQ ID: 30718
VLC Media Player是一款免费的媒体播放器。
VLC媒体播放器的modules/demux/tta.c文件的Open()函数中存在整数溢出漏洞:
#define TTA_FRAMETIME 1.04489795918367346939
.
.
.
int i_seektable_size = 0, i; Read more »
Posted by Hacker on 08月 21, 2008
受影响系统:
Openwsman Openwsman 2.0
Openwsman Openwsman 1.2
描述:BUGTRAQ ID: 30694
CVE(CAN) ID: CVE-2008-2234,CVE-2008-2233
Openwsman是开放源代码的WEB服务管理规范的实现。
Openwsman在解码HTTP基础认证头时存在两个缓冲区溢出漏洞,其客户端受SSL会话中继攻击影响,如果远程攻击者向有漏洞的系统发送了畸形报文的话,就可以触发这些漏洞,导致执行任意指令。 Read more »
Posted by Hacker on 08月 20, 2008
virus
杀毒软件公司Panda Security最近列出了过去的六个月中出现的最意思的病毒。其中就有最浪费的病毒、最恐怖病毒、最爱干净病毒和最具资讯功能病毒。
最恐怖病毒:MalwareProtector2008和AdvancedXpFixer会一点点得“吃掉”被感染电脑的桌面。实际上,这两个病毒是由一个杀毒软件公司制造的。该公司希望通过这种方式让用户使用他们的产品。
最爱干净病毒:Tixcet.A会删除用户硬盘上的所有文件。
绑架者病毒:PGPCoder.E和“ransomware”。该病毒会对用户电脑硬盘上的数据进行加密,然后向用户索要金钱。用户只有花钱才能得到解密密码。
最浪漫病毒:Nuwar.OL,Nuwar.QI和Valentin.E用浪漫的内容来勾引用户点击激活它从而感染电脑。
最具资讯功能病毒:尽管该病毒名为Romeo。C,它却能让你获取丰富的资讯信息。Rome。C不仅窜改windows注册表,还会在发作时弹出新闻窗口。 Read more »
