What I Know It’s About Experience

29Mar/10Off

Pwn2Own 2010 News

Pwn2Own is the brain child of Dragos Ruiu, the founder and director of the CanSecWest security conference.  This is an annual conference held every year in Vancouver, Canada (usually late March).  If you have never been to it I highly recommend the event. This is probably the most technically advanced conference world wide, even more so then events like Blackhat or Hack In The Box.  It tends to be smaller, about 200 people.  The Pwn2Own is an event where conference attendees are challenged to hack a fully patched device.  The first contest began in 2007 with just a Macbook laptop, but has grown to include items such as a Windows laptop and iPhone.  What makes this contest different then other hacking events is the caliber of contestants.  You literally have some of the best exploit developers in the world. They are motivated with a total of $100,000, but in addition gain tremendous bragging rights.  Many of the contestants said it took them 1-2 weeks to develop the exploits, in some cases two people worked together.  That averages 80-160 man hours to create an exploit. This year at the contest the following fully patched systems were successfully hacked.  
 
Firefox on 64-bit Windows 7
  Internet Explorer 8 on 64-bit Windows 7
  Safari on Mac OS X
  iPhone
So, what does that mean to us?  In general three things.
  1. Developing a new exploit takes a lot of work, however with enough time and talent anything can be hacked, even something fully patched.
  2. In general, most criminals are simply too lazy or do not have the skills to develop such advanced exploits.  But then again, they don't have to.  The simple, well known exploits and vulnerabilities are working just fine.
  3. The only organizations that would have to worry about such attacks are high-value targets. If you believe you are such a target, and that threats may target specifically you, contests like this demonstrate that no matter how much prevention you implement it can be bypassed. Detection and incident response are just as important as prevention. 
via HoneyTech Security Update
Tagged as: , , , , , No Comments
19Mar/10Off

Dynamic Memory Coming To Hyper-V

Jeff Woolsey: I’ve had the pleasure of talking with customers in the last few months and the Hyper-V R2 reception has been nothing but unequivocally positive. Whether it’s been folks in small, medium or the enterprise, they appreciate the new capabilities in Windows Server 2008 R2 Hyper-V and the free Microsoft Hyper-V Server 2008 R2. At the same time, we’re always listening to our customers to better understand their business requirements and requests so we know know what to build for subsequent releases. Today, we’re pleased to announce new capabilities that will enhance both virtualized server and virtualized desktop deployments:

Remote FX: With Microsoft RemoteFX, users will be able to work remotely in a Windows Aero desktop environment, watch full-motion video, enjoy Silverlight animations, and run 3D applications within a Hyper-V VM – all with the fidelity of a local-like performance. For more info, check out Max’s blog here.
Hyper-V Dynamic Memory: With Hyper-V Dynamic Memory, Hyper-V will enable greater virtual machine density suitable for servers and VDI deployments.

 

These are really nice new capabilities read more here

Tagged as: , , , No Comments
9Mar/10Off

1024-bit RSA encryption cracked!!

Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.

via: Engadget.com

Tagged as: , No Comments
2Mar/10Off

Opera 10.5 Released… Go get it :)

The fastest brwoser on earth for windows platform has been released & you can download it from here.

Just a reminder of what's new in this release:
1- New Look
2- HTML 5 + CSS 3 support
3- Private browsing
4- Superfast JavaScript engine
5- Smother graphic rendering
6- Privet browsing
7- Fully integrated with windows 7 superbar

Tagged as: , No Comments
25Feb/10Off

Opera 10.5 Beta 2 for Windows is OUT

www.itechmax.com

Yesterday, Opera team released Opera 10.5 beta 2

no major changes only bug fixes as far as i can see

if anyone interested in detailed change log it can be found here.

Click here to download

Tagged as: , , , 2 Comments
13Feb/10Off

Opera 10.5 Beta 1 Faster than Chrome 4

Benchmark Results by Betanews

Opera team released a new version of my favorite browser opera (Opera 10.5 beta 1). I really love the new GUI it's  simple and beautiful. Yes, there is some similarity between the look & feel of opera 10.5 and Google chrome but to me opera looks more elegant.

The benchmarks that i saw today says that Opera 10.5 beta 1  is the fastest browser it's even faster than chrome v5 dev version. here is a short list of what's new in Opera 10.5 beta 1

1- Redesigned interface (much better than opera 10.1)
2- HTML 5 + CSS 3 support
3- Private browsing
4- Much Much faster JavaScript engine
5- Smother graphic rendering

You can download it and try it from here ( http://www.opera.com/browser/next/) just rememeber it's a beta version so don't expect it to be bug free. Currently, Opera 10.5 beta 1 only available for windows platform.

Side Note: Sorry for the podcast delay i'm really really sorry but i'm busy with projects that I'm comittieted to deliver on time so it's taking all my time for now the minute I have a space to breath I promise you that I will release the first episode of whatiknow podcast :) . Thank you for your understanding.

Tagged as: , , No Comments
22Oct/09Off

Windows 7 NY Launch Event :)

Tagged as: , 2 Comments
29Sep/09Off

Dell Latitude Z600: The ideal laptop for business people

A video is worth a million words :)

Tagged as: 2 Comments
19Sep/09Off

DFI hybrid mobo runs 2 systems simultaneously!

These days, the word "hybrid" gets tossed around like a rag doll. We've got hybrid cars, hybrid SLI and hybrid image stabilization -- and that's just for starters. But friends, this hybrid is one worth paying attention to. DFI has been working overtime in order to concoct the next great mainboard, and if this thing can really deliver as advertised, we'd say the gurus responsible for it will succeed greatly. The Hybrid P45-ION-T2A2 motherboard can actually house a complete Atom / Ion-based system on one side, while handling a traditional Socket 775 CPU system on the other. In other words, this single motherboard can power -- let's say -- a low-power server system and your next gaming setup. At the same time! We're still waiting on a firm release date and price, but 'til then, hop on past the break for a swell demonstration vid.

Source: Engadget.com

Tagged as: No Comments
17Sep/09Off

Charlie Miller: Snow Leopard is not as secure as Windows Vista/7

Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said. Dubbed ASLR, for address space layout randomization, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.
"Apple didn't change anything," said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests. "It's the exact same ASLR as in Leopard, which means it's not very good."

Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said. Dubbed ASLR, for address space layout randomization, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.

"Apple didn't change anything," said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests. "It's the exact same ASLR as in Leopard, which means it's not very good."

Interesting news isn’t it :) you can continue reading @ the source here :)
Tagged as: , , , , No Comments
   Older Entries »

Calendar

September 2010
S S M T W T F
« Aug    
 123
45678910
11121314151617
18192021222324
252627282930  

RSS Free Softwares

Tag Cloud

Announcement Antivirus Apple auditors benchmark Beta1 Browser Business Risk Information Security Debug documentation Editions Education Certification Knowledge Experience Federated Search Forensic Hacked Hardware HITB 2008 I'M A PC Internet Broken Live MacBook Micorosft Microsoft Microsoft ads Microsoft ICE nVidia Defective Oracle PDC 2008 Projects Recorder Security Security Awareness Security Talk Snow Leopard Sun SuperFetch UAC USB 3.0 video Wave3 Windows Windows7 Windows 2008 R2 Windows Vista WP-RTL

Posts Archives

Friends