Times Online: Is hunting for information in the public interest or just to interest the public? - http://www.rootsecure.net/...
Security Fix: PCs Used in Korean DDoS Attacks May Self Destruct - http://www.rootsecure.net/...
SC Magazine: MasterCard will not permit automated encryption upgrade - http://www.rootsecure.net/...
Technology Review: Flaw Opens ATMs to Hackers - http://www.rootsecure.net/...
Koobface Increases Twitter Activity - http://blog.trendmicro.com/koobfac...
Just a few hours ago, Koobface has increased its Twitter activity, sending out tweets with different URL links pointing to Koobface malware. This is in contrast with previous Koobface Twitter activity wherein only three TinyURLs pointing to Koobface were used. As of writing, there are a couple of hundred Twitter users affected by Koobface in the past [...] Post from: TrendLabs | Malware Blog - by Trend Micro Koobface Increases Twitter Activity - Hacker News
Less Than Zero-Day: OpenSSH Exploit Claims Ring False - http://blogs.channelinsider.com/secure_...
If you’re a service provider wringing your hands over the so-called zero-day exploit for OpenSSH, it may be time for a reality check. After several days of scrambling to confirm an anonymous claim on the Full-Disclosure mailing list about a dangerous OpenSSH vulnerability, many experts are ready to call the assertion a hoax. The prevalence of OpenSSH use as an Internet connectivity encryption tool makes the thought of an unknown security hole bring forth plenty of sweat on the brows of IT geeks around the world. Which is why it is no surprise that some folks overreacted a bit this week. In fact, on July 5 the U.S.-based hosting firm Host Gator even shut down all SSH access to its shared and reseller customers in a preemptive strike against the potential vulnerability. But the truth is, security gurus say, the more they look at evidence for the zero-day exploit the more it looks like a run-of-the-mill brute-force attack. “I have exchanged some emails with one of the victims of the... - Hacker News
OpenSSH - The coast is clear. For now. - http://www.h-i-r.net/2009...
Remember, this was all rumor to begin with. Analysis of the logs has pretty much proven that they were just doctored to look like something new. This was just a vanilla brute-force attack tool. The ISC wants everyone to quit spreading FUD. I agree. I am still uneasy about strange OpenSSH bastardizations with old code being used as "enterprise" SSH implementations, and I still think that creating Google Alerts RSS feeds and pumping them into Google Reader is a great way to track the development of rumors or any kind of breaking news. HiR Information Report is brought to you by Edgeos, Your Network Security Platform. We are proud members of the Security Bloggers Network. This content originally posted on HiR Information Report. Copyright © 1997-2009, HiR - Hacker News
MIR-ROR updated, v1.1 now available - http://holisticinfosec.blogspot.com/2009...
MIR-ROR 1.1 is available on the CodePlex MIR-ROR site. This is a minor update to the MIR-ROR script including a repaired path declaration. We also removed a pause statement to promote improved WMI scripting with MIR-ROR. MIR-ROR is a specialized, command... - Hacker News
IMPORTANT TO READ!!! - http://th0r.info/?p=465
News Corp Faces Storm Over Alleged Phone Hacks - http://www.liquidmatrix.org/blog...
MYDOOM Code Re-Used in DDoS on U.S. and South Korean Sites - http://blog.trendmicro.com/mydoom-...
A worm designed to propagate through email is the main proponent used in the DDoS attacks against high-profile websites in the United States and South Korea. Detected as WORM_MYDOOM.EA by Trend Micro, it is suspected to have arrived in victims’ inboxes as an attachment to email messages. Upon execution, it registers itself as a system service [...] Post from: TrendLabs | Malware Blog - by Trend Micro MYDOOM Code Re-Used in DDoS on U.S. and South Korean Sites - Hacker News
MIDI controlled fire drums - http://hackaday.com/2009...
Hackers Undermine Piracy Evidence With Hadopi Router - http://www.hackinthebox.org/index...
Six Security Fixes Expected on Patch Tuesday - http://www.hackinthebox.org/index...
SAP offers benchmarking database for free - http://www.hackinthebox.org/index...
Over 8,000 computer viruses have infected NHS computers over the last year - http://www.hackinthebox.org/index...
Cisco, VMware, NetApp testing multi-tenant cloud - http://www.hackinthebox.org/index...
OpenSSH Flaw Likely Just a Hoax - http://www.hackinthebox.org/index...
Microsoft Video ActiveX Control 0day Technical Details - http://dvlabs.tippingpoint.com/blog...
Posted by Cody Pierce. As reports came out regarding the new Microsoft 0day[1] in msvidctl.dll I started to take interest, as information about the specifics of the vulnerability was nonexistent. I was curious about the origin of the issue, what is required to trigger it, whether it is only present in the MPEG2TuneRequest interface, and what other CLSIDs may be affected (besides the 40+ they kill in their advisory). When dealing with 0day we must be aware of very specific details of a vulnerability so we can properly protect ourselves. Grabbing a copy of the exploit from one of the many sites publicly reporting the issue I narrowed down the needed html to trigger the vulnerability. var myObject=document.createElement('object');myObject.data='logo.gif';myObject.classid='clsid:0955AC62-BF2E-4CBA-A2B9-A63F772D46CF'; Everything else in the exploit is unrelated to the actual vulnerability. The heap fill is for exploitation, and the height and width properties are unnecessary. This can also... - Hacker News
Sophos reveals latest 'Dirty Dozen' spamming countries - http://www.hackinthebox.org/index...
Debate over possible responses to cyber attacks - http://www.hackinthebox.org/index...
Intel collaborated with Google on Chrome OS - http://www.hackinthebox.org/index...