Security chip that does encryption in PCs hacked

Posted by JORDAN ROBERTSON | Posted in Linux, News | Posted on 08-02-2010

Deep inside millions of computers is a digital Fort Knox, a special chip [TPM] with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks.

Ubuntu 9.10 and GNOME 2.28: Advancing Past Meh

Posted by Carla Schroder | Posted in Linux, News | Posted on 08-02-2010

Many eons ago, GNOME 1.4 still lived, and it was good. It was extremely configurable and hackable. You could use either Enlightenment or Sawfish as the window manager, and could customize it to your heart’s content. It was even friendly to homegrown GTK+ hacks. And then tragedy struck: the GNOME maintainers decided that 1.4 needed a ground-up rewrite, and thus GNOME 2.0 was born.

5 open source office suites to watch

Posted by Rodney Gedda | Posted in Linux, News | Posted on 08-02-2010

The Microsoft Office productivity suite has risen to become the dominant application of its type for business IT management. But there are open source office productivity suites available that may provide a suitable alternative to Office, depending on your requirements. Despite the scores of additional features found in products like Microsoft Office, most workers only need a simple word processor or spreadsheet to complete their day-to-day office tasks. If your staff are not “power users” then having a full-blown office suite on their desktop can be overkill. In this edition of 5 open source things to watch, we take a look at office suites that can manage you business information without emptying the company coffers.

HPSBMA02487-SSRT100024.txt

Posted by Packet Storm Security Advisories | Posted in Advisories | Posted on 08-02-2010

HP Security Bulletin – A potential vulnerability has been identified with HP Operations Agent running on Solaris 10. The vulnerability could be exploited remotely to gain unauthorized access.

MDVSA-2010-034.txt

Posted by Packet Storm Security Advisories | Posted in Advisories | Posted on 08-02-2010

Mandriva Linux Security Advisory 2010-034 – Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. Additionally, the Linux kernel was updated to the stable release 2.6.27.45.

HPSBUX02503-SSRT100019.txt

Posted by Packet Storm Security Advisories | Posted in Advisories | Posted on 08-02-2010

HP Security Bulletin – Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).

Has the Irresistible Rise of OpenOffice.org Begun?

Posted by Linux Today | Posted in News | Posted on 08-02-2010

Computerworld UK: “Regular readers of this blog will know that I’m a big fan of OpenOffice.org, and that I think it has the potential to break through into the mainstream. Maybe it’s already begun…”

SourceForge Removes “Blanket” Block

Posted by Joe Brockmeier | Posted in Linux, News | Posted on 08-02-2010

After just a few weeks, SourceForge has backed off its policy of imposing a blanket ban on all users trying to access the site from countries on the U.S. “banned” list. Instead, it announced on Sunday that it’s putting the decision in the hands of each project that hosts on the site. According to SourceForge’s Lee Schlesinger, the company has no way of knowing which projects should or shouldn’t trigger a block.

Virtualizing a Supercomputer

Posted by kdawson | Posted in News, os | Posted on 08-02-2010

bridges writes “The V3VEE project has announced the release of version 1.2 of the Palacios virtual machine monitor following the successful testing of Palacios on 4096 nodes of the Sandia Red Storm supercomputer, the 17th-fastest in the world. The added overhead of virtualization is often a show-stopper, but the researchers observed less than 5% overhead for two real, communication-intensive applications running in a virtual machine on Red Storm. Palacios 1.2 supports virtualization of both desktop x86 hardware and Cray XT supercomputers using either AMD SVM or Intel VT hardware virtualization extensions, and is an active open source OS research platform supporting projects at multiple institutions. Palacios is being jointly developed by researchers at Northwestern University, the University of New Mexico, and Sandia National Labs.” The ACM’s writeup has more details of the work at Sandia.

Read more of this story at Slashdot.


Ex-Intel exec pleads guilty to insider trading

Posted by Team Register | Posted in News | Posted on 08-02-2010

Admits outing Intel earnings, WiMAX plans

Former Intel executive Rajiv Goel has pleaded guilty to two charges of conspiracy and securities fraud in connection with the Galleon insider trading case. Goel is the tenth person to plead guilty in the case, which the FBI and the US attorney’s office in Manhattan call the largest hedge fund inside trading case in US history.…

What is your recession sales strategy?

Alexandria Project Chap. 4: Beware of Greeks bearing Trapdoors

Posted by Linux Today | Posted in News | Posted on 08-02-2010

Standards Blog: “Our story so far: Security expert Frank Adversego comes under suspicion when the Library of Congress is hacked by a mysterious cracker with motives unknown and a taste for the bizarre; to protect himself, Frank had better get to the bottom of things”

[CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers

Posted by Bugtraq | Posted in News | Posted on 08-02-2010

Posted by CORE Security Technologies Advisories on Feb 08

Core Security Technologies – CoreLabs Advisory
http://www.coresecurity.com/corelabs/

Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers

1. *Advisory Information*

Title: Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
Advisory Id: CORE-2010-0121
Advisory URL:
http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities
Date published: 2010-02-05
Date of last update: 2010-02-05…

Adobe apologizes for festering Flash crash bug

Posted by Team Register | Posted in News | Posted on 08-02-2010

16 months…and counting

An Adobe product manager has apologized for allowing a potentially serious bug in Flash Player to remain unfixed for more than 16 months.…

What is your recession sales strategy?

[Hacking Event] Night Da Hack 2010 : Call For Proposals

Posted by Bugtraq | Posted in News | Posted on 08-02-2010

Posted by m . mahdjoub on Feb 08

- Night Da Hack 2010

Date: June 19-20 2010
Time: 4 PM – 7 AM
Location: Paris, France

What is Night da Hack?
“Night da Hack” comes from a rough translation from French “Nuit du Hack”. Started in 2003 by Hackerz Voice team, and
inspired by world famous DEF CON, “Nuit du Hack” is one of the oldest French underground hacking conference.

Around computer security related talks, workshops and contests, Night da Hack aims at bringing…

Conficker outbreak infects Leeds hospital servers

Posted by Team Register | Posted in News | Posted on 08-02-2010

Sicko

Servers on the network of Leeds Primary Care NHS Trust were struck down by the Conficker worm late last week.…

Case Study: WhatsUp keeps Legoland turnstyles ringing

JDownloader Remote Code Execution

Posted by Bugtraq | Posted in News | Posted on 08-02-2010

Posted by Matthias -apoc- Hecker on Feb 08

– Product

JDownloader[1] is an open source download manager for One-Click-
Filehoster like Rapidshare or Megaupload. The Click’n'Load[2] interface
allows external applications and websites to send URLs to the local
running JDownloader. With Click’n'Load2 [3] it is possible to sent
AES-CBC encrypted URLs (for some kind of link ‘obfuscation’).
The encrypted payload _and_ key are sent with an HTTP-POST submit on
localhost port 9666 (default port,…

Re: Samba Remote Zero-Day Exploit

Posted by Bugtraq | Posted in News | Posted on 08-02-2010

Posted by Stefan Kanthak on Feb 08

Dan Kaminsky wrote on February 06, 2010 6:43 PM:

OUCH!
No, creating junctions (as well as the Vista introduced symlinks)
DOESN’T need admin rights!

[snip]

Stefan

The kernel column by Jon Masters #83

Posted by Jon Masters | Posted in Linux, News | Posted on 08-02-2010

Last month many developers were scurrying to prepare for the 2.6.33 merge window. When they weren’t doing that, here are a few of the items that were under discussion, starting with the Big Kernel Lock…

The kernel column by Jon Masters #83

Posted by Linux Today | Posted in News | Posted on 08-02-2010

Linux User and Developer: “As I’ve mentioned before, one of the longer-term goals of the kernel development community is to kill off the Big Kernel Lock (BKL).”

Study Says OOXML Unsuitable For Norwegian Government

Posted by kdawson | Posted in Government, News | Posted on 08-02-2010

angry tapir writes “Microsoft’s XML-based office document format, OOXML, does not meet the requirements for governmental use, according to a new report published by the Norwegian Agency for Public Management and eGovernment (DIFI). The agency wants to start a debate over the report as part of its work on standards in the Norwegian government. (As we discussed a week ago, Denmark has already decided to choose ODF over OOXML)”

Read more of this story at Slashdot.