Recent Posts

851
Living Room / Re: Vuln. Alert: Malformed URLs Crash Acrobat 9
« Last post by Ehtyar on September 14, 2008, 09:34 PM »
Denial of service is the technical term, regardless of any connotations associated with the phrase.
I wouldn't say they're blatantly lying, just exaggerating or sensationalizing the scope of the problem.
How so, given that their use of this phrase is entirely legitimate?
It may be a technical term, but apparently there is still some difference of opinion on it.  In my opinion it's a stretch to call this a denial of service - what service is being blocked/prevented/denied?

Since you suggested using Google to clear up any misconception, here's what I get on the first results page for the search '"denial of service" definition', listing only the results that don't discuss only distributed denial of service attacks, which I think everyone can agree this is not:

A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have.
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
A type of crack attack that makes it difficult, if not impossible, for valid system users to access their computer or particular services - such as Web applications - on a computer.
A condition in which a system can no longer respond to normal requests.

I still don't think this meets these definitions. If you do, that's fine.


Are you suggesting Acrobat provides no service? In any case, were it an infinite loop scenario you're probably looking at high CPU usage, which may conform to your definition.
Notice how each of your definitions is followed by the word 'attack'? The article never mentioned a 'denial of service attack', it simply refers to Acrobat freezing as 'denial of service'. You can find some examples of its usage here.

Ehtyar.
852
Living Room / Re: Vuln. Alert: Malformed URLs Crash Acrobat 9
« Last post by Ehtyar on September 14, 2008, 06:28 PM »
One of the things Adobe always says is that leaving behind older versions of Acrobat when you upgrade causes problems. Old versions should be removed completely before installing a new major version. Maybe you should try a clear out of all Acrobat software and then reboot and reinstall the latest version.
Clearly they take great care to ensure their applications function optimally *cough* *splutter*

Ehtyar.
853
Living Room / Re: Vuln. Alert: Malformed URLs Crash Acrobat 9
« Last post by Ehtyar on September 14, 2008, 06:21 PM »
Ehtyar, I think the issue here with using "denial of service" is that we usually hear it in terms of DOS or DDOS attacks, and not just bugs.
I understand. Perhaps a quick Google or two might help clear up any misconception before people post on a thread they're confused about. Denial of service is the technical term, regardless of any connotations associated with the phrase.
I wouldn't say they're blatantly lying, just exaggerating or sensationalizing the scope of the problem.
How so, given that their use of this phrase is entirely legitimate?

Ehtyar.
854
Living Room / Re: News Article: LHC Website Defaced
« Last post by Ehtyar on September 14, 2008, 06:18 PM »
What's a SCADA grid? What could they do to the LHC that would make it dangerous or whatever?
I believe f0dder is referring to the LHC's Supervisory Control And Data Acquisition grid, and indeed he has a very good point. You'd think of all places that ignore security, the LHC would not be one of them.
Surely you can imagine someone managing to cause some damage with the world's largest particle accelerator at their control.

Ehtyar.
855
Living Room / Re: News Article: Twitter Profile Serves Orkut Malware
« Last post by Ehtyar on September 14, 2008, 06:15 PM »
We're a bunch of elitist snobs in here, aren't we? :P ;D
I'm afraid in this case I do fall into that category assuming you were referring to f0dder's comments :P

Ehtyar.
856
Living Room / Re: Google Gets Exclusive Rights To Your Pants
« Last post by Ehtyar on September 14, 2008, 06:14 PM »
Googlecat:

I can haz ur patnz now plz?
ROFL!

Ehtyar.
857
Living Room / Re: News Article: Insecure Cookies Leak Sensitive Information
« Last post by Ehtyar on September 14, 2008, 05:15 PM »
I wonder if this is something that can be added to FireFox via plugin (I know nothing about how low-level plugins can get).  It might be interesting to see if web browsing is still usable.
When I read the article myself, I ran a quick search on mozilla and it does not seem there is an extension for this, nor is there one for the secure bit. I would say it's relatively easy, but I suck at overlays so I'm not your man.

Ehtyar.
858
Living Room / Re: Vuln. Alert: Malformed URLs Crash Acrobat 9
« Last post by Ehtyar on September 14, 2008, 05:12 PM »
Use of "denial of service" in this case is entirely legitimate, unless they're blatantly lying, which I am yet to see any evidence of, unless you have any...?

Ehtyar.
859
Living Room / Re: Vuln. Alert: Malformed URLs Crash Acrobat 9
« Last post by Ehtyar on September 14, 2008, 03:49 PM »
I'm at a loss as to how this can be called a "denial of service" vulnerability.  Sure, it's a bug in Acrobat, but from the description all it does is cause it to crash when you open a document with the malformed URL.  What service is being denied?  The ability to open documents that are intended to crash the program?
When a program is referred to as undergoing denial of service, it means the application is not functioning, for example its main thread may be processing an infinite loop, or using a blocking function that won't return etc.

Ehtyar.
860
Living Room / Re: News Article: Insecure Cookies Leak Sensitive Information
« Last post by Ehtyar on September 14, 2008, 03:43 PM »
Secure websites are vulnerable to a new man-in-the-middle attack that takes advantage of cookies with the secure bit set.
That should read "takes advantage of cookies without the secure bit set". 
Thank you.
The exploit works by poisoning or otherwise spoofing DNS somehow (the article doesn't mention how CookieMonster does this, and I'm not sure how easy it is to do) and placing images on a webpage that claim to come from the target website, but without HTTPS/SSL. If the secure bit is not set on the authentication cookie, the browser will send it along in cleartext so the attacker gets the cookie. If the secure bit is set on the authentication cookie, the browser will not send it to the attacker.
The Kaminsky flaw is fast falling from the public spotlight, though whether it should be remains to be seen. I imagine exploits taking advantage of it will be popping up for some time.

Ehtyar.
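
Added example, not part of the original thread: a small model of the browser rule described in the post above, showing which cookies go out on a plain-HTTP request for the same site and can therefore be read off the wire. The host shop.example, the cookie names and the sample headers are constructed, and Path and expiry handling are left out.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header, origin_host):
    """Parse one Set-Cookie value into the fields that decide where it is sent."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    domain = attrs.get("domain", "").lstrip(".").lower()
    return {
        "name": name.strip(),
        "value": value.strip(),
        "secure": "secure" in attrs,
        "host_only": not domain,          # no Domain attribute: exact host only
        "domain": domain or origin_host.lower(),
    }


def cookies_sent(jar, url):
    """Names of the cookies a browser attaches to a request for `url`."""
    target = urlsplit(url)
    host = (target.hostname or "").lower()
    sent = []
    for cookie in jar:
        if cookie["host_only"]:
            host_ok = host == cookie["domain"]
        else:
            host_ok = host == cookie["domain"] or host.endswith("." + cookie["domain"])
        # Host matching ignores the scheme; only Secure restricts a cookie to HTTPS.
        if host_ok and (target.scheme == "https" or not cookie["secure"]):
            sent.append(cookie["name"])
    return sent


def exposed_over_http(set_cookie_headers, origin_host):
    """Cookies set by an HTTPS site that still travel on http:// requests to it."""
    jar = [parse_set_cookie(h, origin_host) for h in set_cookie_headers]
    return cookies_sent(jar, "http://" + origin_host + "/")


# Constructed sample: Set-Cookie values as an HTTPS login response might send them.
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",       # HttpOnly does not stop cleartext sending
    "csrftoken=xyz789; Path=/; Secure",         # held back on http://
    "prefs=dark; Domain=shop.example; Path=/",  # also sent to subdomains
]

if __name__ == "__main__":
    print(exposed_over_http(SAMPLE_HEADERS, "shop.example"))
```
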
861
Living Room / Re: News Article: Insecure Cookies Leak Sensitive Information
« Last post by Ehtyar on September 14, 2008, 08:22 AM »
IMHO a SessionId (or whatever other information stored in cookies) by itself shouldn't be enough to be validated on a site... an active session ought to also track the IP the connection is originating from. Doesn't solve the problem, but it should mitigate the problem.
I've experienced that feature on a few forums I frequent. I think IPB does it by default.

Ehtyar.
862
Living Room / Re: News Article: YouTube Malware, The Easy Way
« Last post by Ehtyar on September 14, 2008, 08:18 AM »
Wait, you don't read what you post?!?!?!?
Apparently you don't read what I post bitch :P
He doesn't look at URLs before clicking, either :P
Wha..?

Ehtyar.
863
Living Room / Re: News Article: P2P Snoops Need PI License In Michigan
« Last post by Ehtyar on September 14, 2008, 08:13 AM »
Run uTorrent with PeerGuardian for a few days. I guarantee no matter how legit your torrents are you will see MediaSentry on that list.

Ehtyar.
864
Living Room / Re: News Article: YouTube Malware, The Easy Way
« Last post by Ehtyar on September 14, 2008, 07:53 AM »
Hmm, I didn't read it that way, but it certainly makes sense. The article doesn't appear to make a direct statement either way, but I'm guessing you guys are right, which makes this exploit a lot less dangerous than I first suspected.

Ehtyar.
865
Living Room / Re: News Article: On/Off Switch For RFID Cards
« Last post by Ehtyar on September 14, 2008, 07:01 AM »
What I meant was that the operators have this option, not the customers.

Ehtyar.
866
Living Room / News Article: Comcast Sues FCC
« Last post by Ehtyar on September 14, 2008, 05:36 AM »
Comcast is suing the FCC in relation to its recent loss in its battle to validate its interference with its customers' P2P traffic.

Ever since the FCC handed down its 3-2 decision against cable operator Comcast's network management techniques, Comcast has been expected to sue the FCC. Today, the cable giant made good on those predictions, filing an appeal of the FCC ruling in the DC Court of Appeals, which has jurisdiction over FCC decisions.

The appeal itself is brief: a two-page document, a cover letter, and a $450 check. But the fight that it spawns will no doubt drag on for quite some time, centering on one major question: can the FCC rule against Comcast based on a policy statement that the FCC said was not enforceable at the time?

Full Story

Ehtyar.
867
Living Room / News Article: P2P Snoops Need PI License In Michigan
« Last post by Ehtyar on September 14, 2008, 05:30 AM »
Michigan recently passed a law requiring the (arguably) biggest P2P snoop to have a private investigator's license.

The RIAA's campaign against filesharers follows a standard procedure: find a computer offering files for download, get a court to force the ISP or organization that provided the computer's IP address to reveal the computer's owner, and then sue the owner. The group has contracted with MediaSentry to do the work of identifying the infringing computers, but that company's methods have been called into question in a number of states that have licensing requirements for private investigators that include the computer-based snooping required to gather the data. Michigan was one such state and, if there was any doubt about the licensing issue there, it's gone now: the state passed a law that specifically calls for computer forensics groups to be licensed.

Full Story

Ehtyar.
868
Living Room / News Article: On/Off Switch For RFID Cards
« Last post by Ehtyar on September 14, 2008, 05:25 AM »
An on/off switch has been developed for RFID cards.

A U.K. firm has developed an on/off “switch” for RFID cards that could protect cardholders from being hacked. The cardholder activates the RFID transmission by squeezing the card between his thumb and forefinger when it must be scanned by a reader.

The patented polymer-based technology comprised of metal particles is embedded into a circuit and gets built into a smart card during the lamination process. When compressed, it acts as an RFID signal conductor. “The difference is that RFID is always on and being interrogated, but this is always off until the instant you want it read,” says a spokesman for Peratech, which says it’s currently in discussions with smart card vendors.

Full Story

Personal comment: Seems a little impractical to me, especially when you have the alternative of not using RFID at all staring you in the face.

Ehtyar.
869
Living Room / News Article: Anti-Spam Law Declared Unconstitutional
« Last post by Ehtyar on September 14, 2008, 05:20 AM »
The Virginia Supreme Court has declared the state's anti-spam laws violate the 5th amendment.

The Virginia Supreme Court declared the state's anti-spam law unconstitutional Friday and reversed the conviction of a man once considered one of the world's most prolific spammers.

The court unanimously agreed with Jeremy Jaynes' argument that the law violates the free-speech protections of the First Amendment because it does not just restrict commercial e-mails - it restricts other unsolicited messages as well. Most other states also have anti-spam laws, and there is a federal CAN-SPAM Act as well, but those laws apply only to commercial e-mail pitches.

Full Story

Ehtyar.
870
Living Room / News Article: Firefox 3.1 To Include "Private Browsing"
« Last post by Ehtyar on September 14, 2008, 05:18 AM »
Firefox 3.1 will allow users to make use of a 'private browsing' mode that will cover their online tracks.

Mozilla is jumping on the latest privacy bandwagon, with developers already working hard to ensure a new private browsing feature ships in Firefox 3.1, due to arrive at the end of 2008.

Private browsing, or “porn mode” as it’s often referred to, since that’s one of the more obvious uses, restricts the information that your browser gathers as you visit websites. Cookies are rejected, URLs are kept out of the browser history, forms are not auto-filled and pages are not cached.

Full Story

Ehtyar.
871
Living Room / News Article: YouTube Bans Terrorist Videos
« Last post by Ehtyar on September 14, 2008, 05:11 AM »
YouTube has banned videos 'Intended to Incite Violence or Encourage Dangerous, Illegal Activities'.

We should all feel safer now that Google's YouTube has unveiled new guidelines that will not tolerate uploaded videos "intended to incite violence or encourage dangerous, illegal activities that have an inherent risk of serious physical harm or death."

Viewers of the popular video sharing site instead will have to use Google's search engine to find them elsewhere. Or, better yet, just turn on the boob tube and click onto any broadcast or cable network.

Full Story

Ehtyar.
872
Living Room / Vuln. Alert: Malformed URLs Crash Acrobat 9
« Last post by Ehtyar on September 14, 2008, 05:03 AM »
Adobe Acrobat can suffer a denial of service or crash after being served a malformed URL.

Certain URLs can cause Adobe Acrobat 9 to suffer a denial of service or crash, says a researcher.

According to an alert from the SecuriTeam mailing list, "a vulnerability in Adobe Acrobat 9 allow attackers to cause the program to crash by providing it with a malformed URL."

Full Story

Ehtyar.
873
Living Room / Vuln. Alert: YouTube Tool Helps Spread Trojans
« Last post by Ehtyar on September 14, 2008, 04:59 AM »
A new tool helps YouTubers distribute malware.

Miscreants have created a tool that dumbs down the process of using fake YouTube websites to spread malware.

The YFakeCreator tool allows budding VXers to set up a fake site and configure options such as the properties of a supposed video. Typically users are required to download a fake codec to view content, which is not actually on offer. The codec contains the malware payload which can be anything from adware to a Trojan.

The tool also includes the ability to set-up a fake error message in a bid to disguise any attack.

Full Story

Ehtyar.
874
Living Room / Vuln. Alert: "UK's Chernobyl" Spam
« Last post by Ehtyar on September 14, 2008, 04:32 AM »
Spam campaign claims nuclear disaster in London, but links to malware instead.

A widespread spam campaign claims that a nuclear power plant on the outskirts of London exploded on Tuesday afternoon.

No such plant exists anywhere near London. The nearest is probably Dungeness B in south east Kent, some 77 miles (124km) by road from the capital.

The email claims to offer pictures of victims. In reality, the attached zip file is contaminated with a Trojan horse, identified by net security firm Sophos as Troj/Agent-HQE. Once the malware is installed, hackers can use it to spy on the victim's computer and steal information for financial gain.

Full Story

Ehtyar.
875
Living Room / News Article: Arizona Stops Serving Death Certs On Web
« Last post by Ehtyar on September 14, 2008, 04:26 AM »
Arizona will no longer be offering copies of death certificates online amid identity theft concerns.

Arizona authorities have stopped publishing copies of death certificates on a website over concerns that the information might be used in identity theft scams.

Maricopa County - which covers the state's largest city, Phoenix - discontinued the long-standing practice of posting digital copies of death certificates last month after complaints from the general public, the Arizona Republic reports. The publication of digital certificate of death notices, which are needed to complete certain real estate transactions, was designed to reduce bureaucracy but has attracted criticism over privacy issues for years. These concerns, along with more recent ID theft worries, have prompted a rethink.

Full Story

Ehtyar.