Miscreants broke into Twitter's admin system on Sunday night using a simple password guessing hack, it has emerged. A teenage hacker, known in the digital underground as GMZ, claims he obtained access to the micro-blogging site’s admin controls using a brute force dictionary attack. After guessing the login identity of an administrator, in part based on the large number of people she followed, GMZ ran an automated password guessing program overnight to reveal that 'Crystal' used the eminently guessable password of "happiness". The 18-year-old student then used these details to offer up access to Twitter accounts on request through Digital Gangster, an underground hacker forum, Wired reports. The move enabled griefers to break into the Twitter feeds of the likes of Britney Spears, Fox News and US President-Elect Barack Obama on Monday to push out bogus messages. GMZ sat on the sidelines during this attack because he had failed to use a proxy during his password cracking attack, making him more at risk of identification.
A researcher has discovered a way to reliably exploit a known security vulnerability in a wide class of Cisco System routers, a finding that for the first time allows attackers to hijack millions of devices with a single piece of code. The discovery by Felix "FX" Lindner of Recurity Labs in Berlin brings the write-once-run-anywhere approach of software development to the dark art of compromising routers that form the core of the internet. Previously, reliable exploit code had to be specifically fashioned to one of more than 15,000 different supported builds of IOS, or Internet Operating System, which run various Cisco devices.
A practical attack on Intel's trusted execution technology (TXT) is due to be demonstrated at a hacking conference next month. Security researchers from Invisible Things Lab have created a technique for compromising the integrity of software loaded via TXT, a key component in Intel's Safer Computing Initiative and part of the chip giant's vPro brand. Intel's TXT technology - which aims to protect systems against tampering - hooks into CPUs and chipsets as well as featuring use of Trusted Platform Module 1.2 (TPM) technology. For example, the technology ensures programs running on a virtual machine are free to go about their business without interference from other (potentially malicious) packages loaded onto the same system. It also has applications in Digital Rights Management.
After being publicly outed issuing web credentials that were vulnerable to attacks that could allow criminals to spoof the encryption certificates of any website on the internet, VeriSign has issued assurances it has neutralized any real-world threat. Tim Callan, vice president of VeriSign's product marketing, has said that within hours of last week's news that researchers had uncovered a devastating weakness in secure sockets layer certificates issued by VeriSign subsidiary RapidSSL, the company made changes to ensure all its SSL products were immune to the attacks. As usual, the truth is a little more complicated.
A denial-of-service attack that limits the number of SMS messages that can be received by Nokia smartphones has been disclosed and demonstrated. Dubbed the "curse of silence" by German security researcher Tobias Engel, the attack occurs when Nokia Series 60 phones are sent a malformed e-mail message via SMS (Short Message Service). Engel demonstrated the attack on Tuesday at the Chaos Communication Congress in Berlin, according to a blog post by security vendor F-Secure.
At CES 2009, Toshiba showed off a conceptual computer interface that uses hand gestures for control. With simple motion sensing technology and a software interface, Toshiba hopes to open up applications for video games and other interactive media.
Microsoft boss Steve Ballmer used his keynote speech at CES to announce that software developers would get at the trial version on 7 January. On 9 January members of the public will get the chance to download the successor to Windows for themselves. Mr Ballmer said Windows 7 would be the pivot of a broader Microsoft push to improve the way its separate software and service families work together.
Security researcher Dan Kaminsky made headlines last year when he discovered a critical DNS flaw. If left unpatched it could have crippled vast parts of the Internet. As 2009 starts up, a new DNS flaw has emerged, but the severity of the threat is less pronounced. ISC (Internet Systems Consortium), the group leading development of the open source BIND DNS server that dominates the Internet, quietly issued a patch to multiple versions of BIND this week.
If you're an incumbent cable operator who has had the TV market to yourself for several years only to be challenged by an upstart that offers a better service, you've got two options: ratchet up your own offerings or sue the upstart. Faced with an incursion by Verizon's FiOS TV and Internet service into some of its territories, Charter is apparently going with door number two, filing a patent infringement lawsuit against Verizon on the last day of 2008. At issue are four patents owned by Charter covering video-on-demand services, dynamic pricing for subscription-on-demand services, and a pair of patents covering data transmission. The most interesting appear to be the three patents which relate to video transmission. One patent, 6826197, seems rather generic, describing a data packet with a header, routing information field, data field, data payload, and error correction field. It does have the capability of "efficiently propagating a payload through a multi-user, digital video distribution system," however.
Borrowing the "Not in My Name" slogan popularized by anti-war and pro-Palestinian activists, New Zealand's newborn Creative Freedom Foundation is leading a petition drive to block implementation of copyright legislation slated to take effect at the end of February. Critics charge that Section 92 of the Copyright (New Technologies) Amendment Act, enacted this past April, requires ISPs to act on a principle of "guilt upon accusation," cutting off the Internet connections of users merely alleged to be violating copyright. Section 92 has also drawn the ire of New Zealand's ISPs, under the umbrella of the Telecommunications Carriers' Forum, which has blasted the reform as "a deeply flawed law that undermines fundamental rights and simply will not work." Jamie Baddeley, who heads the country's ISP trade association, argues that the legislation, which makes providers legally liable for failing to delete infringing material and disconnect infringers, "has the potential to put some of our smaller innovative members out of business."
4. VeriSign Remedies Massive SSL Blunder (kinda, Sorta)-Ehtyar (January 10, 2009, 03:41 PM)