devkhadka (1159057) writes "Corsair's Padlock USB drive provides PIN lock to provide unauthorised access to your data. It has a built-in keypad to enter the PIN number to enter the PIN code. If it is locked, any computer that it is plugged into won't detect it as a USB device until the correct PIN is entered. This prevents any unauthorized access or "Brute Force" attack to the data on Flash Padlock. Users can program in a PIN, much like they do for an ATM machine, to lock/unlock their data. An easy to use keypad in conjunction with lock/unlock indicator lights makes the Flash Padlock highly intuitive to use.
Details: http://devkhadka.hyperphp.com/content/view/54/33/"
devkhadka writes "The Fedora development team has announced the end of life of Fedora 6. No more support and updates for Fedora 6 will be available from Friday, December 7, 2007, since the new version of Fedora, Fedora 8, is on the way. Fedora always closes the life of an old version about a month before the next new release, so, as things stand, Fedora 7 will remain supported until one month past the release of Fedora 9; this would be roughly through the end of May, 2008."
devkhadka writes "Multiple vulnerabilities have been discovered in Symantec Mail Security for Exchange, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. The vulnerabilities are caused due to various errors within certain third-party file viewers and can be exploited to cause buffer overflows when a specially crafted file is checked. Successful exploitation allows execution of arbitrary code. They are exploited to cause buffer overflows by tricking a user into viewing a specially crafted file.
The following file viewers are affected:
* lasr.dll"
devkhadka writes "Yesterday I was in my college server room. I saw USB ports of different computers open here and there, and I had only learned about the switchblades the day before yesterday. And a thought came into my mind: if I were in the bank and I had my pendrive there, what would happen? The thought struck my mind, and how weak is the security system? Because the primary purpose of this tool is to silently recover information from Windows systems, such as password hashes, LSA secrets, IP information as well as browser history and autofill information, as well as create a backdoor to the target system for later access. The tool takes advantage of a security hole in U3 drives that allows the creation of a virtual CD-ROM drive, which allows the Windows autorun feature to work (unless disabled on the target system). Even if autorun or a U3 drive is not used, the application can still be started by executing a single script on the drive."
Microsoft Tuesday Patched six instead of seven sec
devkhadka writes "Microsoft has released a total of six security bulletins for October 2007. The Redmond-based company has resolved vulnerabilities rated as "Critical" in Internet Explorer, Outlook Express, Windows Mail and Kodak Image Viewer. These vulnerabilities could allow an attacker to remotely execute code and gain control of unpatched systems. A fix for the Windows remote procedure call (RPC) service and the SharePoint patch, which was postponed on September 2007 Patch Tuesday, were rated merely as "Important" bulletins since they can only be misused for denial of service attacks or elevation of privileges."
devkhadka writes "There are and always will be different views on security information disclosure ethics. Thus I will not argue in one direction or the other. I will instead bring up a case as a "food-for-brain" example.
Would you trust someone who auctions a CD that "will make a hacker of you in only a few hours"?
What if the same guy sells free tools to "steal usernames and passwords" and "Sniff out AOL conversations"? For only 7.99 pounds you can also buy an "Easy virus construction" kit and "Ready Made Virus".
Would you really believe it's all "for educational use only on your own pc to test for any flaws in your system"?
Is this in any way educational, or is just another shortcut to help script kiddies to vandalize the internet? Is this really a good idea?"
devkhadka writes "Narrowing the huge field of available add-ons down to the ten best was quite a challenge. Lifehacker has published the 10 most used Firefox extensions that a nerd must have. Your Firefox extension choices have everything to do with your needs, but the ten add-ons you'll find in the following pages are highly-evolved, robust and have proven their usefulness over and over. And this seems to be a must for most of the nerds."
How one falls in trap: fake login page, lose password
devkhadka writes "There are several fake login page software packages available for download, and anyone with little knowledge can host the page on a free host to trap the email password. There is a favourable scenario of thousands of free hosts providing space for fee. A person can make the dummy user feel they have logged out of the email program and ask them to log in; they don't look at the address bar and enter their password in the fake page of evils, and it is saved there.
In many cases an evil person sends a greetings link to the targeted person by mail; when one clicks on the link he/she sees a logged-out page and is done. How secure the Hotmail server is or how strong your password is does not matter much; it's just hacked in one minute.
demonstration more"
devkhadka writes "Fedora 8 Test 3 is here! This is the last test release before the development freeze and a great time to test all those packages that you know and love. Test 3 is for beta users. This is the time when we must have full community participation. Without this participation both hardware and software functionality suffers.
Fedora is a Linux-based operating system that showcases the latest in free and open source software. Fedora is always free for anyone to use, modify, and distribute. It is built by people across the globe who work together as a community: the Fedora Project. The Fedora Project is open and anyone is welcome to join.
Up-to-date release notes for Fedora 8 Test 3 can be found at
http://docs.fedoraproject.org/release-notes."
devkhadka writes "Social networks can not only be used to make new contacts, but also to track down thieves as events last week at Flickr.com showed. Four laptops and two iMacs, one of which had a web cam, were stolen from Canadian office services provider WorkSpace. The Flickrbooth plug-in for Apple's Photo Booth was installed on the iMac with the web cam. The program automatically sends photos taken with the web cam to the selected Flickr account. An employee at WorkSpace was naturally surprised when he looked into his Flickr account and saw that a new image had been uploaded — one of a tattooed man posing in front of the stolen iMac. The man apparently knew that the iMac was taking pictures of him, but not that it was sending them to Flickr.
The image quickly became viral in forums and blogs all over the world. Shortly after, the suspected thief turned himself over to the police according to a report in the Vancouver Sun. He claims that he bought the computer from a friend of a friend but wished to return it. WorkSpace now hopes to get additional information about who the actual thieves are."
Best Career path for nerds and University courses.
devkhadka writes "Are you a nerd? So it's a good time for you. The colleges around the world are starting to appeal to the nerds in all of us. Here are the best career paths for the nerds, starting from ROM hacking and video game design to Artificial Intelligence and Network Security to Ethical Hacking. This list of 25 courses and programs offered at colleges around the world identifies some of the nerdiest coursework, starting with the most obvious, and winding up with the most obscure..."
devkhadka writes "The Fedora Unity Project is proud to announce the release of new ISO Re-Spins (DVD and CD Sets) of Fedora 7. These Re-Spin ISOs are based on Fedora 7 and all updates released as of September 12th, 2007. The ISO images are available for i386 and x86_64 architectures via jigdo starting Friday, September 28th, 2007. We have included CD Image sets for those in the Fedora community that do not have DVD drives or burners available.
Fedora Unity has taken up the Re-Spin task to provide the community with the chance to install Fedora with recent updates already included. These updates might otherwise comprise more than 700MiB of downloads for a default install. This is a community project, for and by the community. You can contribute to the community by joining our test process."
devkhadka writes "A flaw in the 64-bit version of F-Secure Antivirus for Windows Servers 7.00 prevents the software checking crafted archives or compressed executable files, which may allow attackers to smuggle manipulated files containing malicious code past the scanner. The vendor has published a security advisory containing a link to an update that eliminates this bug. So all the users are advised to update the software as soon as possible."
CA BrightStor Hierarchical Storage Manager execute
devkhadka writes "Computer Associates have released a security advisory in which they report the discovery of vulnerabilities in their BrightStor Hierarchical Storage Manager. Attackers can exploit the holes to inject arbitrary code or crash the service. An update has been released to close the holes.
Whilst the CA advisory does not provide any details of the vulnerabilities, it does categorize the risk as critical. The vendor indicates that the CsAgent service does not check the length of some commands adequately. In addition, the software does not correctly check integer values it receives, which can result in buffer overflows. The result of the insufficient validation of strings in SQL statements remains unclear."
devkhadka writes "Security service provider Core Security has released a security advisory describing vulnerabilities in AOL Instant Messenger (AIM). The instant messaging software uses Microsoft's HTML library mshtml.dll to display messages, but fails to adequately sanitise incoming messages, allowing attackers to execute arbitrary commands on AIM users' computers."
devkhadka writes "The finders of the URI holes in Firefox and Windows are now targeting Google. In their blog, Billy Rios and Nate McFeters have described how attackers may steal all pictures organised using Google's picture gallery software Picasa from users' hard disks: It seems that they were able to load pictures from a PC onto a manipulated web server by combining various attack methods, such as cross-application scripting, cross-site scripting, URI tricks and a flash with ActionScript."
devkhadka writes "Attackers can use Unicode characters under Vista to conceal filenames and filename extensions. A demonstration by Max Ried makes an executable screen-saver file (.scr) look like a harmless image (.jpg). The display of the false filename is due to the inclusion of Unicode control characters that change the direction of writing. These are required for the Arabic language where writing runs from right to left. Unicode recognizes the control characters (PDF) right-to-left override (RLO, 202E) and left-to-right override (LRO, 202D) to switch the writing direction.
more about this: demonstration here"
Numerous holes in CA's ARCserve Backup for Laptops
devkhadka (1159057) writes "Computer Associates reports the discovery of numerous vulnerabilities in its ARCserve enterprise backup solution for laptops and desktops. Attackers can exploit these holes to gain remote control of a management PC and cause it to crash. The vendor says that client installations are not affected. Users can now download an update that remedies the flaws.
Whilst CA only speaks of five vulnerabilities in its security advisory, iDefense asserts that around 60 stack and heap overflows can occur during the handling of certain arguments and commands in the LGserver on port 1900 alone more"