Video Streaming Feed at Black Hat Hacked

A security expert found a way to catch the talks at Black Hat for free, thanks to bugs in the video streaming service used by the security conference. Read the full article. [IDG News Service]

BSD Operating Systems. August issue is here!

Dear Readers!

I am happy to introduce the August issue to you. This time we will be mentioning Windows and Ubuntu in our magazine, but surely it will be more than connected to BSD.
Get yourself a copy and let us know if it was useful and interesting.
We have also modified our survey and have another one for you; please find some time to fill it in.
At the moment we are planning to open a Russian version of BSD Magazine in September. The magazine will also be a free online publication.
And we are looking for authors, beta testers and proofreaders with Russian as a native language.
Please contact olga.kartseva@bsdmag.org in case you want to contribute or have an idea where we should announce this news.
Please spread the word about it on your blogs, forums, websites!
Thank you!

Facebook Hacked or Not? – 100 Million User Profiles on Public Site

Recently in the media there has been a big “commotion” about the 100 million Facebook profiles, containing user IDs, names, URLs and other data, that were obtained, placed into a file and posted online by Ron Bowles, a security consultant. The media and, surprisingly, many security professionals have been spinning this matter as a massive hack on Facebook and its users, when in fact it really was not.

The data obtained by Bowles was publicly available information that can be acquired by conducting Internet searches using Google, Yahoo or Bing, to name a few. Reports stated that Bowles implemented a “scraper”, a small program that collects data from Facebook’s website automatically; the result was a 2.8GB file that he later posted on a peer-to-peer site.

So the driving question is: was it a hack or not?

To best answer that question, here are some points:

When creating a Facebook account, the user is given many options for what information will be available to the public. The user has the option of sharing “nothing”, “everything” or “a little”. What was selected determines what others are able to view, and whether your information was among the data Bowles obtained.

Computer hacking usually involves some degree of infringement on the privacy of the victim or damage to computer-based property. Bowles legally scanned the site and placed the files in a database, but many feel their privacy was infringed even though the information was already publicly available.

This event should raise awareness of what people are doing on Facebook and whether they are comfortable with the information they are putting out there. Facebook users need to take stock of their conversations and what information they are posting to others. That information, combined with the publicly available data, can be used to build a profile that can lead to identity theft.
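The scraper described above walked a public profile directory automatically and at scale. The one thing a site operator can do about that, short of changing what is public, is to notice the pattern in ordinary access logs. The Python below is an added example, not code from the original article and not anything Facebook runs: it builds a small constructed access log in Common Log Format and flags a client that fetches many profile pages either at high rate or by stepping through consecutive IDs. The `/directory/people/<id>` path, the client addresses and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Common Log Format fields we need: client address, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Hypothetical public-directory URL layout; the real site's paths are not given on the page.
PROFILE_RE = re.compile(r'^/directory/people/(\d+)$')
TS_FMT = '%d/%b/%Y:%H:%M:%S %z'


def constructed_log():
    """Build a small, constructed access log (not real traffic from any site)."""
    lines = []
    # One client walks 60 consecutive profile IDs in 30 seconds: scraper behaviour.
    for i in range(60):
        ts = datetime(2010, 7, 28, 10, 0, i // 2, tzinfo=timezone.utc)
        lines.append(
            f'203.0.113.7 - - [{ts.strftime(TS_FMT)}] '
            f'"GET /directory/people/{100000 + i} HTTP/1.1" 200 5120'
        )
    # Two ordinary users look at a handful of profiles over several minutes.
    browsing = [('198.51.100.4', 100017), ('198.51.100.4', 100512),
                ('198.51.100.4', 100003), ('192.0.2.9', 100250), ('192.0.2.9', 100251)]
    for n, (ip, pid) in enumerate(browsing):
        ts = datetime(2010, 7, 28, 10, 3 + n, 0, tzinfo=timezone.utc)
        lines.append(f'{ip} - - [{ts.strftime(TS_FMT)}] '
                     f'"GET /directory/people/{pid} HTTP/1.1" 200 5120')
    return lines


def analyze(lines, min_requests=20, rate_per_s=0.5, seq_fraction=0.8):
    """Per client, count successful profile fetches and score how scraper-like they are.

    A client is flagged when it fetched at least `min_requests` profiles AND either
    did so faster than `rate_per_s` or walked IDs consecutively at least
    `seq_fraction` of the time.  Thresholds are assumptions chosen for the sample data.
    """
    per_client = defaultdict(list)  # ip -> [(timestamp, profile_id), ...]
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group('status') != '200':
            continue
        p = PROFILE_RE.match(m.group('path'))
        if not p:
            continue
        per_client[m.group('ip')].append(
            (datetime.strptime(m.group('ts'), TS_FMT), int(p.group(1))))

    report = {}
    for ip, hits in per_client.items():
        hits.sort()
        ids = [pid for _, pid in hits]
        span = (hits[-1][0] - hits[0][0]).total_seconds()
        rate = len(hits) / span if span > 0 else float(len(hits))
        steps = [b - a for a, b in zip(ids, ids[1:])]
        seq = sum(1 for s in steps if s == 1) / len(steps) if steps else 0.0
        flagged = (len(hits) >= min_requests
                   and (rate >= rate_per_s or seq >= seq_fraction))
        report[ip] = {'requests': len(hits), 'rate_per_s': round(rate, 3),
                      'sequential_fraction': round(seq, 3), 'flagged': flagged}
    return report


if __name__ == '__main__':
    for ip, stats in analyze(constructed_log()).items():
        print(ip, stats)
```

The `min_requests` floor matters: the second ordinary user in the sample happens to open two adjacent profile IDs, which scores a perfect sequential fraction but is obviously not a scraper. Note also what this check does not do. It can slow a bulk collection down or force it behind many addresses, but it does nothing about the exposure itself; as the previous point says, what was public is decided by each user's own sharing setting, and that is the control that actually matters.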

What is your position on the Facebook event?

August Issue of Hakin9: Securing the Cloud – Free Download

Free Issue to Download!

• Prey: A New Hope
Misplaced your laptop or had it stolen? You are not alone.

– MERVYN HENG
• An introduction to Reverse Engineering: Flash, .NET
This article is about the demonstration of reversing Flash and .NET applications. This is an introductory article showing the basics of decompiling/disassembling. In the first, I have chosen to show reversing of Flash files and .NET files and how to patch them.

– NILESH KUMAR
• Web Malware – Part 1
The Internet has been plagued by a variety of malware that use the Web for propagation, and as these threats loom around the Internet they can infect even the smartest and most tech-savvy computer users.

– Rajdeep Chakraborty
• Cyber warfare with DNS botnets
Botnets aren’t just a fad or items being sold and purchased like items on eBay; they are becoming carefully designed tools used for cyber war. In this article we will discuss what a botnet is, and the next generation of botnets over DNS.

– Francisco Alonso
• Search Engine Security and Privacy
It’s no secret that search engines like Google, Yahoo, Bing (MSN) retain search data and metadata regarding searches. They are open about doing so. What’s unsure, though, is to what extent this creates a long-term threat to information security and privacy. This article briefly reviews what data is retained and stored by these search engines and what readers can do to protect their information.

– Rebecca Wynn
• Securing the Cloud: Is it a Paradigm Shift in Information Security?
First let me start by saying No. There’s really nothing new in the Cloud except where risk appears to shift. But does it really? I would argue that it increases your risk and there can be no shift of blame for a successful Cloud attack and breach of confidential data stored in the Cloud. You are ultimately responsible.

– Gary Miliefsky
• Radio Frequency-enabled Identity Theft
A discussion on how radio frequency-enabled technology could leave people vulnerable to identity theft and then potential identity fraud.

– JULIAN EVANS
• Intelligence Monopolies
In general a monopoly is bad for an industry. Prices invariably increase beyond reasonable production costs and innovation stops. It’s a natural law that competition brings about new advances and achievement.

– MATTHEW JONKMAN
• Capturing the New Frontier: How To Unlock the Power of Cloud Computing
So here’s a question: Which IT sector accounts for fully 25% of the industry’s year-over-year growth and, if the same growth trajectories continue, will generate about one-third of the IT industry’s net new growth by 2013?

– MIKE ARMISTEAD

iPhone Jailbreaking: Security Concern or Not?

Charlie Miller, as quoted on Tipb.com, stated, “Turns out that if you jailbreak your iPhone you remove most of the Apple’s security protections — 80% to be exact — and are vulnerable to attacks.”

That statement seems to resonate across the cell phone app community when discussing the adverse effects of jailbreaking Apple’s iPhones. Two recent articles, one by Terrance Gaines titled “The Government Approves “Jailbreaking” of Mobile Devices” and the other by Nick Farrell titled “Apple loses in Digital Millennium Copyright ruling”, cover the Librarian of Congress’s DMCA exemption ruling that deems jailbreaking and the unlocking of phones legal, with stipulations.

For those who are not familiar with the term, a jailbreak frees a device from the constraints imposed by the vendor. It normally requires installing software on a computer that then loads a modified payload onto the device, opening it up for full access and modification as well as for third-party, non-approved software.

There seem to be two sides to jailbreaking when it comes to the iPhone. Many feel that by controlling which apps are sold through the App Store, Apple can limit the amount of malicious software by conducting internal reviews of applications for operating safety and compliance.

Others contend that jailbreaking an iPhone is not dangerous or unsafe. Many feel that if users apply common sense and review applications before downloading them, they should be fine, and that if something were to go wrong, running the factory reset procedure would revert the iPhone to factory defaults and put it back under Apple’s protection once again.

On a blog posting a user stated, “It’s frustrating to know that the device can do so much more and is only limited by Apple’s short-sighted administrative hold.”

Personally, if you are a tech-savvy individual and understand what to look out for, then jailbreaking the iPhone may be something you are comfortable with, but for those who are not as tech savvy or do not have a clue what to look for, I would recommend that you do not jailbreak your phone. Once you jailbreak your iPhone, you are on your own and outside of all of Apple’s security controls.

What are your feelings on the iPhone Jailbreaking matter?


Black Hat Uplink USA

http://links.covertchannel.blackhat.com/ctt?kn=11&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0

Attend the most important security event of the year – from your desktop!

Two Days Left to Register: Get 50% Off (Save $200).

Have you had a chance to experience Black Hat in person? Are you curious to see what a “live” Black Hat event has to offer?

This year thousands of security professionals from around the world are making plans to be a part of Black Hat USA 2010. But not all of those people will actually be in Las Vegas.

With Black Hat Uplink, you can experience essential content that shapes the security industry for the coming year.

Register now for Black Hat Uplink with Promo Code BH80UL to activate your discount (limited number of seats available).

See complete program schedule below.

Register >>

http://links.covertchannel.blackhat.com/ctt?kn=12&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0

Black Hat USA 2010, the premier technical event for the security industry to gather and address challenges to today’s senior-level IT professional, will be held at Caesars Palace in Las Vegas, Nevada, July 24-29, 2010.

Black Hat USA 2010 >>

http://links.covertchannel.blackhat.com/ctt?kn=4&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0

Now for $195, you can get a taste of Black Hat USA from your desk – this year’s live event will be streamed directly to the comfort of your own machine with Black Hat Uplink:

* Access to two select tracks on each day of the Briefings and the keynote – a total of 20+ possible sessions to view.

* Post-conference access to Uplink content; go back and review the presentations that you missed or watch the presentations that interested you the most as many times as you want.

* Interact with fellow con-goers, Uplink attendees, and the security community at large via Twitter during the Briefings.

* Get show promotional pricing for the “Source of Knowledge” DVDs should you wish to purchase recordings of ALL the presentations from Black Hat USA and/or DEF CON 18.

————————

Presentation Schedule*

http://links.covertchannel.blackhat.com/ctt?kn=1&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0

————————

WEDNESDAY, JULY 28

Keynote Intro: Jeff Moss

Keynote: Jane Holl Lute, Deputy Secretary, Department of Homeland Security

Uplink 1

* ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically by Jeongwook Oh
– This talk will feature 2 undisclosed 1-day exploits.

* Bitblaze: Crash Analysis using BitBlaze by Charlie Miller

* Jackpotting Automated Teller Machines Redux by Barnaby Jack
– Live jackpotting of an ATM onstage.

* Blue Screen Of the Death is Dead by Matthieu Suiche

* Semiconductor Security by Christopher Tarnovsky

Uplink 2

* Base Jumping: Attacking GSM Base Station Systems and Mobile Phone Base Bands by Grugq

* More Bugs in More Places: Secure Development on Mobile Platforms by David Kane-Parry

* These Aren’t the Permissions You’re Looking For by Anthony Lineberry, Timothy Wyatt, David Richardson

* Everybody Be Cool This is a Roppery! by Vincenzo Iozzo, Ralf-Philipp Weinmann, Tim Kornau

* App Attack: Surviving the Mobile Application Explosion by Kevin Mahaffey, John Hering
– Analysis of over 200,000 apps from Apple & Android marketplaces

————————

THURSDAY, JULY 29

Keynote Intro: Jeff Moss

Keynote: “Cyber War… Are We At War? And If We Are, How Should We Fight It?” General (Ret.) Michael V. Hayden, former Director, National Security Agency and Central Intelligence Agency

Uplink 1

* Memory Corruption Attacks: The (almost) Complete History… by Haroon Meer

* There’s a party at Ring0 (and you’re invited) by Julien Tinnes, Tavis Ormandy
– One year of research uncovering close to 20 kernel vulnerabilities

* Return-Oriented Exploitation by Dino Dai Zovi

* Understanding the Low-Fragmentation Heap: From Allocation to Exploitation by Chris Valasek

* Advanced AIX Heap Exploitation Methods by Tim Shelton

Uplink 2

* CLOUDINOMICON: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity by Christofer Hoff

* Secure Use of Cloud Storage by Grant Bugher

* Virtually Pwned: Pentesting Virtualization by Claudio Criscione

* Virt-ICE: Next Generation Debugger for Malware Analysis by Quynh Nguyen Anh

* dirtbox: a Highly Scalable x86/Windows Emulator by Georg Wicherski

*Schedule subject to change.

————————

Register now with Promo Code BH80UL to activate your discount (limited number of seats available). Presentations will be streamed live on July 28-29, but you will be able to view Uplink presentations for up to 90 days after the event.

Registration Fee: $195.

Register today for a chance to win an iPad! Two Black Hat Uplink registrants will win an iPad preloaded with the entire recorded live-event content from Black Hat USA 2010.

Register >>

http://links.covertchannel.blackhat.com/ctt?kn=8&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0

——————–

Black Hat Community:

——————–

* LinkedIn
http://links.covertchannel.blackhat.com/ctt?kn=6&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0

* Facebook
http://links.covertchannel.blackhat.com/ctt?kn=9&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0

* Twitter
http://links.covertchannel.blackhat.com/ctt?kn=5&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0

* Mailing List
mailto:feedback@blackhat.com?Subject=Join Black Hat Mailing List

——————–

Black Hat Events:

——————–

*** Black Hat USA 2010 ***
http://links.covertchannel.blackhat.com/ctt?kn=3&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
July 24-29, Las Vegas, NV, Caesars Palace

*** Black Hat Abu Dhabi 2010 ***
http://links.covertchannel.blackhat.com/ctt?kn=2&m=35641702&r=NTY3NjM1ODEzNQS2&b=2&j=Nzg1MTA2MjQS1&mt=1&rt=0
November 8-11, Abu Dhabi, UAE

==========================================================

(C) UBM TechWeb 2010. All Rights Reserved. Black Hat c/o TechWeb, 600 Harrison St., 6th Floor, San Francisco, CA 94107. TechWeb, Black Hat, and associated design marks and logos are trademarks owned or used under license by United Business Media LLC, and may be registered in the United States and other countries. Other names mentioned may be the trademark or service mark of their respective owners.