Hackin9
PCs that are cooler, smaller and faster were announced by computer makers Sunday in advance of Computex, with the new machines featuring Intel's speedier fourth-generation Core processors code-named Haswell.
 

VietNamNet Bridge

The Vietnamese software dream (part 2)
CMCSoft, FPT IS, Hanel, Misa and Tinh Van are well-known Vietnamese names in the international market, while BKAV, CMC InfoSec, FPT IS, Lạc Việt, VTC Mobile and AVSoft Corp. have become famous for utility software. Developing the software industry is the ...

 
Infosys' co-founder and first CEO N. R. Narayana Murthy has returned to the company as executive chairman, amid concerns that the outsourcer's performance has not been as good as that of some of its Indian peers.
 

Two weeks ago I posted a diary on a report published by Trend Micro on a spear-phishing email campaign using malicious Word documents exploiting a Microsoft Office vulnerability (CVE-2012-0158).

We received a sample of a Word document exploiting CVE-2012-0158, which I took a look at. The file itself is pretty small (325Kb) and, based on VirusTotal's MD5 hash report, 30/47 scan engines detected and confirmed it exploits CVE-2012-0158. I used the malwr sandbox to get a better look at how this Word document behaves while running on a Windows system. The one thing I noticed is that Yara was positive to check if the file is running in a virtual machine.

[1] https://isc.sans.edu/diary/Safe+-++Tools%2C+Tactics+and+Techniques/15848
[2] https://www.virustotal.com/en/file/2cf2fbe92004b98b8dd5ff4631787dcf8241723020f1216b89a1a706addf9347/analysis/
[3] http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2005-031911-0600-99&vid=17499
[4] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0158
[5] https://malwr.com/analysis/NmI3NjQ1MmI5ODhkNDliMmEwYTlmNjRkYTA0MzZkMzU/
[6] http://code.google.com/p/yara-project/

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Seminar will boost business security
This is Nottingham
The event by Talk*INFOSEC is at Antenna Media, Beck Street, Nottingham, from 4pm to 6.45pm. It will give an insight into how to keep businesses secure, including online. Topics covered will include storing company data, such as client information ...

 
After months of teasers, Intel kicked off shipments of fourth-generation Core processors code-named Haswell, with the first batch being quad-core chips for laptops and desktops.
 
List your passwords alphabetically, so it's easy for you and others to find them!

Give three password crackers a list of 16,000 cryptographically hashed passwords and ask them to come up with the plaintext phrases they correspond to. That's what Ars did this week in Dan Goodin's Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331.” Turns out, with just a little skill and some good hardware, three prominent password crackers were able to decode up to 90 percent of the list using common techniques.

The hashes that Ars provided the security experts were converted using the MD5 cryptographic hash function, something that puzzled our readers a bit, as MD5 is seen as a relatively weak hash function compared to hashing functions like bcrypt. flunk wrote, "These articles are interesting but this particular test isn't very relevant. MD5 wasn't considered a secure way to hash passwords 10 years ago, let alone now. Why wasn't this done with bcrypt and salting? That's much more realistic. Giving them a list of passwords that is encrypted in a way that would be considered massively incompetent in today's IT world isn't really a useful test."

To this, author Dan Goodin replied that plenty of Web services employ weak security practices: "This exercise was entirely relevant given the huge number of websites that use MD5, SHA1 and other fast functions to hash passwords. Only when MD5 is no longer used will exercises like this be irrelevant." Goodin later went on to cite the recent compromises of "LinkedIn, eHarmony and LivingSocial," which were all using "fast hashing" techniques similar to MD5.


 
In the week ending 31 May – Linux Mint 15 might be the better Ubuntu for the desktop, the Samsung Galaxy S4 has already been hacked, PayPal was vulnerable to XSS, and Thorsten Leemhuis calls on developers to develop their software for everyone
    


 
With every new social network and social service, with every new instant and not-so-instant way to communicate, email rises in importance. Columnist Mike Elgan explains how innovation has transformed email into the best social network.
 