As is said in The Godfather: "In Sicily, women are more dangerous than shotguns." In Poland they`re pretty mean too, as Joanna Rutkowska demonstrated, by taking Vista apart at Black Hat in Las Vegas.
Rutkowska, a senior security researcher with Coseinc, highlighted the possibility of loading arbitrary code into the latest Vista Beta 2 kernel (x64 edition), thereby circumventing Vista`s policy of only allowing digitally-signed code to load into the kernel.
Although this attack can be performed without needing to reboot, it does require administrative privileges to work.
Even though Vista wasn`t as secure as the vendor had everyone believe, Rutkowska did commend Microsoft on a job well done and stressed her attack didn`t mean Vista was inherently insecure.
Pass on e-passports
Cyber criminals, with wealth as their driving force, will stop at nothing. This means excelling at a rate that outstrips the good guys.
Ilva Pieterse, ITWeb journalist
Also at Black Hat, security consultant Lukas Grunwald showed how easy it is to clone electronic passports, sending many countries that have begun to implement the technology into a spin.
Grunwald said the data held on RFID cards within e-passports can be copied easily, and even went as far as to say: "The whole passport design is totally brain damaged."
Sleeping with the fishes
We`ve all heard it before - hackers are no longer hacking for notoriety, but for benjamins. However, what we don`t always realise is the sophistication with which hacker misdeeds are performed.
Specialists and cyber cops at DefCon, that took place in Las Vegas from 4 to 6 August, warned of crime rings (or servers) working out of Russia, Romania and Brazil, with nefarious technical skills that are keeping them ahead of computer security experts.
Simply put - cyber criminals, with wealth as their driving force, will stop at nothing. This means excelling at a rate that outstrips the good guys.
Statistics reveal a loss of $67 billion could be credited to online fraud in the US alone. Credit cards are now being sold for as little as $3, and an estimated one in five home computers in the country is infected with malware.
Protecting el barrio
Google and anti-malware organisation Stop Badware Coalition have teamed up to prevent users from going to sites that could be hosting potential malware (referred to as "badware").
During the redirection process to a "badware tagged" site, users will be taken to a warning page instead and given the option of proceeding (not recommended) or trying a different search.
The page will also be issued with a security rating and suggestions will be provided to the site owners.
AO-hell
America Online (AOL) made a major mess-up last Sunday when it inadvertently released massive amounts of private data to the whole world.
AOL made 20 million search queries made by 650 000 of its users, along with additional information relating to those queries, available for public download on one of its pages.
Although the page has since been taken down, anyone involved with online affiliate marketing, search engine optimisation, and pay-per-click ads will find it easy to use this private information to their advantage.
This data leak could ultimately break AOL. Remember Google`s fight against providing the US Department of Justice with search query information? Well, AOL has simply put this information out there to the general public "for research purposes", as it claims.
Whatever the intention was, the result is potentially devastating and copies of this data are already appearing all over the very wide Web of the cyber world.
Sources used: Sources used: The Register, OhmyNews, ETTN, SC Magazine
Share