http://www.sombrerosblancos.com/blog Contrainteligencia y Seguridad Informática Tue, 06 Jan 2009 22:14:00 +0000 http://backend.userland.com/rss092 en A recent study suggests that viewing natural scenery—even if only a photograph of it—can help restore some advanced cognitive functions. Unfortunately, it's not clear that the theory behind this makes any sense.Read More... http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/F7_p7z-b6YQ/20090106-study-nature-cities-as-mental-restorative.html Tech ARP has a collection of dates regarding Microsoft's update program. The upgrade program concerns upgrade paths from Windows Vista to Windows 7, and basically entails that when you buy a Windows Vista machine after July 1 2009, you will get a free upgrade to Windows 7 once it's released. ... http://osnews.com/story/20735/The_Microsoft_Windows_7_Upgrade_Program Se ha anunciado una vulnerabilidad en Samba por la que un usuario remoto autenticado podría llegar a acceder a determinados archivos del sistema. http://www.hispasec.com/unaaldia/3726 Amidst the hubbub over MacWorld 2009, El Reg quietly noted that the company UIQ, the joint venture of Sony Ericsson and Motorola and eponymous creator of the UIQ interface layer for the Symbian smartphone OS, has filed for bankruptcy in the Swedish courts. http://osnews.com/story/20734/UIQ_Files_for_Bankruptcy At the MacWorld Expo today in San Fransisco, Apple announced new versions of iWork and iLife, as well as an updated 17" MacBook Pro, which promises a battery life of 7-8 hours. More interesting, however, is the fact that yesterday was Mac OS X Server's 10th birthday. http://osnews.com/story/20733/Mac_OS_X_Server_Turns_10 Universal Music Group says that user-generated content sites like Veoh can't dock in a "safe harbor" if they do anything except store videos—even transcoding destroys immunity. A judge is having none of it.Read More... http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/2Uny2mO-Www/20090106-judge-transcoding-doesnt-block-veoh-safe-harbor-defense.html Apple has apparently crafted a compromise with the major record labels, dropping DRM and introducing tiered pricing.Read More... http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/O0jk7O0zQWQ/apple-labels-both-win-with-drm-free-itunes-tiered-pricing Feel free to discuss about this proof-of-concept code <iframe src="http://www.milw0rm.com/exploits/7684" type="text/plain" style="background-color: #F0E68C" height="1000" width="830"><br></iframe> Download:exploit http://heapoverflow.com/f0rums/public/11686-rosoft-media-player-4-2-1-local-buffer-overflow-exploit.html Feel free to discuss about this proof-of-concept code <iframe src="http://www.milw0rm.com/exploits/7683" type="text/plain" style="background-color: #F0E68C" height="1000" width="830"><br></iframe> Download:exploit http://heapoverflow.com/f0rums/public/11687-goople-1-8-2-frontpage-php-blind-sql-injection-exploit.html An Islamic charity has established its right to sue the government over warrantless surveillance, a federal court ruled Monday.Read More... http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/wP8CITyHarA/20090106-judge-doesnt-buy-state-secrets-privilege-oks-wiretap-suit.html AMD talked up its new ultra-portable lineup in November and is partnering up with HP to showcase actual products at CES this year. The companies have designed an ultra-portable that's gunning for the narrow space between netbook and notebook, with features they hope will appeal to users wanting just a ... http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/BK14zTcxiK4/20090106-amds-neo-processor-debuts-in-hp-notebook-whoah.html New set of PCAPs.NMAP PCAPsNew Web Browser SploitsNew Random SploitsKindly, download the PCAPs, test it and let us know your reviews at contact.fingers @ gmail.com.- EF http://evilfingers.blogspot.com/2009/01/newer-pcaps-for-beta-testing.html Apple today announced a handful of new products at Macworld Expo '09 in San Francisco. It may be the company's last time attending the trade show, but Apple had a collection of both new software and hardware products to show off on stage.Read More... http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/kMabqvqQCmc/20090106-apple-mwsf-announcements-new-macbook-pro.html Acusó a 19 buscadores, entre ellos Google y Baidu, de no suprimir contenido "vulgar" y no hacer caso de las advertencias de los censores.China lanzó una campaña contra las principales páginas webs cuando el país entra en un año políticamente sensible, y en ella las autoridades acusan a buscadores líderes ... http://feeds.feedburner.com/~r/NoticiasSeguridadInformatica/~3/504498131/china-comienza-una-campaa-contra-los.html Feel free to discuss about this proof-of-concept code <iframe src="http://www.milw0rm.com/exploits/7682" type="text/plain" style="background-color: #F0E68C" height="1000" width="830"><br></iframe> Download:exploit http://heapoverflow.com/f0rums/public/11685-riotpix-0-61-auth-bypass-sql-injection-vulnerability.html Tras haber aumentado la memoria RAM (dicen que con resultados mucho más espectaculares en XP que en Linux, donde sólo aprecio mejoras en la reproducción de vídeo), otra de las escaseces de nuestro pequeño maquinón es el espacio de almacenamiento, ya que 3 de los 4 GB con que cuenta ... http://www.kriptopolis.org/mas-espacio-para-eee-pc Training: February 16-17 Briefings: February 18-19 More information on the event can be found on the organizer web site. http://feedproxy.google.com/~r/governmentsecurity/news/~3/i2nQIxp-XKQ/Conference_Black_Hat_DC_2009 If you live in the United States, then it's almost certain you've heard about this big digital switch that public television is making due to a new US law. If you live outside of the US, I bet you've heard of it anyway since we like to let people know ... http://osnews.com/story/20719/DTV_Transition_Facts_and_Fallacies Feel free to discuss about this proof-of-concept code <iframe src="http://www.milw0rm.com/exploits/7681" type="text/plain" style="background-color: #F0E68C" height="1000" width="830"><br></iframe> Download:exploit http://heapoverflow.com/f0rums/public/11684-debian-gnu-linux-xterm-decrqss-comments-weakness-vulnerability.html Feel free to discuss about this proof-of-concept code <iframe src="http://www.milw0rm.com/exploits/7680" type="text/plain" style="background-color: #F0E68C" height="1000" width="830"><br></iframe> Download:exploit http://heapoverflow.com/f0rums/public/11683-ezpack-4-2b2-xss-sql-multiple-remote-vulnerabilities.html Ars Technica will be reporting live from the 2009 Macworld Phil Schiller keynote. A full running transcript of the event will appear here once the event starts.Read More... http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/HPWB7Vxh0VA/20090106-macworld-ars-macworld-2009-keynote-live-on-ars.html Despite what the project name's suffix might imply, Whitix is in fact not a Linux distribution. Whitix is a new operating system, written from scratch, and aims to combine the stability of UNIX with the user friendliness of other platforms. "It will offer a consistent, clear interface and a new ... http://osnews.com/story/20732/Whitix_0_2_Released Feel free to discuss about this proof-of-concept code <iframe src="http://www.milw0rm.com/exploits/7679" type="text/plain" style="background-color: #F0E68C" height="1000" width="830"><br></iframe> Download:exploit http://heapoverflow.com/f0rums/public/11681-riotpix-0-61-forumid-blind-sql-injection-exploit.html Feel free to discuss about this proof-of-concept code <iframe src="http://www.milw0rm.com/exploits/7678" type="text/plain" style="background-color: #F0E68C" height="1000" width="830"><br></iframe> Download:exploit http://heapoverflow.com/f0rums/public/11682-phpauctionsystem-multiple-remote-file-inclusion-vulnerabilities.html Feel free to discuss about this proof-of-concept code <iframe src="http://www.milw0rm.com/exploits/7677" type="text/plain" style="background-color: #F0E68C" height="1000" width="830"><br></iframe> Download:exploit http://heapoverflow.com/f0rums/public/11678-oracle-10g-sys-lt-compressworkspacetree-sql-injection-exploit.html Feel free to discuss about this proof-of-concept code <iframe src="http://www.milw0rm.com/exploits/7676" type="text/plain" style="background-color: #F0E68C" height="1000" width="830"><br></iframe> Download:exploit http://heapoverflow.com/f0rums/public/11679-oracle-10g-sys-lt-mergeworkspace-sql-injection-exploit.html Feel free to discuss about this proof-of-concept code <iframe src="http://www.milw0rm.com/exploits/7675" type="text/plain" style="background-color: #F0E68C" height="1000" width="830"><br></iframe> Download:exploit http://heapoverflow.com/f0rums/public/11680-oracle-10g-sys-lt-removeworkspace-sql-injection-exploit.html Buenas, DRAT es un troyano de origen Chino, programado por DST, al parecer en Delphi. Este posee mutiples funciones, las basicas de un troyano y alguna que otra interesante… Tambien soporta plugins, ya hay varios en su Pagina Oficial. Incluye una opcion para trabajar con todas las victimas o las seleccionadas, ... http://www.akelarreteam.es/?p=339 LinkedIn is a popular social networking site where you can manage business contacts online. Since you can set up a profile with links to your own website, it seems to attract criminals’ attention as well. A Google search reveals that several hundred fake LinkedIn profiles from nude “Kirsten Dunst” to ... http://feedproxy.google.com/~r/governmentsecurity/news/~3/9NmCpNY75mM/Rogue_LinkedIn_Profiles_Lead_To_Malware As promised, Comcast has turned off its "P2P specific technique" throughout its network, the company says. Now, it will handle congestion by identifying the problem, not the protocol.Read More... http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/0R5Nv2GlfsA/20090106-comcast-starts-new-year-with-new-network-management-system.html A lot of companies think that they can make the full solution from scratch, including all technical mechanisms for security and encryption. The enterprise customer should tread very lightly when evaluating solutions with custom encryption. http://feedproxy.google.com/~r/governmentsecurity/news/~3/7GpbfwxrG2M/Custom_Encryption_No_Thank_You By specifying an empty share name, in the right circumstances, it is possible to access the root directory of a Samba file server http://feedproxy.google.com/~r/governmentsecurity/news/~3/p07eLeEMdsw/Security_update_for_Samba_file_server Microsoft has announced two products designed to provide users of Office 2008 for Mac with improved access to existing server-based Microsoft services. The first of the two, Microsoft Entourage for Exchange Web Services, will be a free upgrade to Entourage 2008 for Mac that will enable that email, contacts, and ... http://osnews.com/story/20731/Microsoft_Moves_Macs_Closer_to_PC_Parity "The developers behind the Debian Linux distribution are preparing for the upcoming release of Debian 5, which is codenamed Lenny. The decision to move forward with the release follows a contentious vote over whether to permit the inclusion of binary blobs in the new version of the distribution. Consensus coalesced ... http://osnews.com/story/20730/Debian_5_Release_Approaches_Binary_Blobs_Included While the RIAA has dropped long-time P2P investigator MediaSentry, the music industry actually needs such services now more than ever. Denmark-based DtecNet will be handling the P2P identification chores in future.Read More... http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/GAf2E48SUJI/20090106-mediasentry-may-be-gone-but-riaa-tactics-will-live-on.html Nuevos contenidos en la Red Temática CriptoRed (diciembre de 2008)Breve resumen de las novedades producidas durante el mes de diciembre de 2008 en CriptoRed, la Red Temática Iberoamericana de Criptografía y Seguridad de la Información.1. NUEVOS DOCUMENTOS Y SOFTWARE PARA DESCARGA LIBRE DESDE CRIPTORED Y DISI 2008* DISI 2008: Adventures ... http://feeds.feedburner.com/~r/NoticiasSeguridadInformatica/~3/504292166/nuevos-contenidos-en-la-red-temtica.html Cisco will unveil new consumer products and initiatives during a press conference at the 2009 International Consumer Electronics Show (CES) in Las Vegas on Jan. 7, 2009. Cisco Chairman and CEO John Chambers will be joined by key Cisco executives responsible for the company’s consumer strategy to discuss how Cisco ... http://www.ciscozine.com/2009/01/06/cisco-press-conference-at-ces-2009/ The developers behind the Debian Linux distribution have voted to proceed with the release of the next major version despite ongoing controversy over the inclusion of binary firmware in the kernel.Read More... http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/44_r9Ir_HEs/20090106-debian-5-release-approaches-binary-blobs-included.html "Micro-blogging site Twitter had to temporarily suspend accounts belonging to Barack Obama, Britney Spears and other celebrities after they were hijacked by miscreants and used to spread scandalous and false information that appeared to come from their owners."–Twitter's veracity chewed up by Britney's four-foot vagina http://feedproxy.google.com/~r/governmentsecurity/news/~3/NwYVZTP_fJo/Micro_blogging_site_Twitter_had_to_temporarily_suspend_accounts_belonging_to "Another good rule is to only choose security vendors who also perform Vulnerability Research and Development ("R&D"). That is to say that the vendor must frequently perform security research against technology, identify vulnerabilities in that technology, create exploits for those vulnerabilities and must release formal security advisories. If they ... http://feedproxy.google.com/~r/governmentsecurity/news/~3/i9t2UoPOFaE/Another_good_rule_is_to_only_choose_security_vendors_who_also_perform_Vulnera ZOMG, did you hear about how British cops are elite haxx0rz in ur base killing all ur d00dz!!!1! Let's all take a deep breath, shall we?Read More... http://feeds.arstechnica.com/~r/arstechnica/BAaf/~3/cKmr-ArMBug/20090106-constable-hax0r-loose-in-the-uk-well-yes-and-no.html I found this recently and checked it out, it’s really nice, great color, works like a charm. The theme is an official MS theme I suppose, signed by them. Heres a screeny. Go ahead and download the zip archive official_embedded_theme_for_windows_xp_and_2003 and simply run the file inside, then change your ... http://www.flyninja.net/art/embedded-theme-for-windows-xp-and-2003-official-theme Hello there! We are glad to announce the launch of our New Forum and IRC Chat. Join us on our Forum: Make sure to register - it’s free and very quick! You have to register before you can post and participate in our discussions. Read more: http://d4rk-c0de.org/d-forum/ Join us on IRC: Server: irc.securitychat.org Channel: ... http://d4rk-c0de.org/2009/01/06/d4rk-c0de-news/ Al menos eso dice el diario La Razón, supongo que con algo más de fiabilidad que sus comentarios técnicos respecto a la criptografía de clave pública. Según ese diario, ETA encargó a un técnico el estudio de "nuevas alternativas" de cifrado, ante su progresiva desconfianza en la resistencia de PGP. Otros medios ... http://www.kriptopolis.org/eta-no-confia-en-pgp WITOOL is SQL injection tool by .NET (2.0) - For SQL Server, Oracle - Error Base and Union Bas Features: ORACLE Injection Injection Auto script Save XML from data Inquery (View, Function object) Download: Here http://d4rk-c0de.org/2009/01/06/witool-sql-injection-tool/ WaveStumbler is console based 802.11 network mapper for Linux. It reports the basic AP stuff like channel, WEP, ESSID, MAC etc. It has support for Hermes based cards (Compaq, Lucent/Agere, … ) It still in development but tends to be stable. It consist of a patch against the kernel driver, orinoco.c ... http://d4rk-c0de.org/2009/01/06/wavestumbler-v12/ Rootkit scanner is scanning tool to ensure you for about 99.9%* you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like: - MD5 hash compare - Look for default files used by rootkits - Wrong file permissions for binaries - Look for suspected strings in LKM ... http://d4rk-c0de.org/2009/01/06/rootkit-hunter-134/ Según informa nuestro amigo Bruce, el FBI acaba de publicar su segundo reto criptográfico que, en sus propias palabras, resulta "ligeramente más difícil que el del año pasado". Y ojalá, porque los "retos" del FBI no se han caracterizado hasta ahora por su dificultad. Estoy convencido de que cualquiera de los ... http://www.kriptopolis.org/nuevo-reto-fbi Internet debería tener el mismo tipo de censura como el aplicado en la clasificación cinematográfica, considera el ministro de cultura de Gran Bretaña. "Sería una ventaja aplicar en Internet el mismo sistema de censura usado para la clasificación de películas en cines", declaró el ministro de cultura de Gran Bretaña ... http://feeds.feedburner.com/~r/NoticiasSeguridadInformatica/~3/504181529/proponen-aplicar-lmites-de-edad-para.html It seems that after Intel, just about every chip maker wants a piece of the netbook pie. AMD is an obvious competitor, but VIA is also eyeing the little notebooks. However, more exotic options like the Chinese Loongson chips and ARM's Cortex A-8 and A-9 chips are also among the ... http://osnews.com/story/20729/Freescale_To_Take_on_Intel_s_Atom_in_Netbook_Market