Firefox Multiple Vulnerabilities

An upgrade to Firefox 1.5.0.2 has been available for a couple days now. Sorry for the delay. I've been sick all weekend. Just love it. I have a long weekend and I have to spend it with a throbbing headache. Ah well. So here is the scoop... 1) An error exists where JavaScript can be injected into another page, which is currently loading. This can be exploited to execute arbitrary HTML and ...


China Outlaws Outlook

The Chinese government continues on its push to muzzle its people a la 1984. They have introduced regulations that effectively make it illegal to operate a mail server without being first licensed by the gov. This is part of China's new spam laws put forth by the Ministry of Information Industry. “Looking at the Chinese text, it is clear they have worded it carefully”, he [James Seng] told vnnet, “They know ...


Afghan Bizarre…US Troops Info For Sale

This is rather frightening. At an Afghan bazaar a CNN reporter was able to purchase USB drives...with data on them! Normally one would say 'yeah, so what'. Well it just so happens that the drives in question were stolen by Afghan workers from the Bagram US airbase. The shop keeper in the article explained that he could care less about the data he's just interested in selling the USB ...


AT&T Seeks to Hide Spy Docs

Well, well, well. AT&T has allegedly been hard at work violating your rights. A former employee has leaked internal documents to the EFF. It would appear that secret rooms were installed to allow the NSA to intercept all sorts of communications without a warrant. Now AT&T is suing to suppress the docs. Mark Klein, a former technician who worked for AT&T for 22 years, provided three technical documents, ...


Lenovo Helping the Bad Guys

Part of what I do for a living is forensic investigations. That means recovering data from hard drives in part. Now Lenovo is offering a one button approach to smoking a hard drive. This is meant to allow for quicker formatting of corporate systems prior to lease rollover. If I were a nefarious type this would be the perfect one button solution to hit when the cops were busting down ...


Hydro Makes Changes After Security Plans Stolen

It would appear that there will shortly be a job vacancy at Hydro Quebec. A file folder containing security plans and passwords was found sitting on a Metro platform in Montreal. Now, for the uninitiated this is bad. Hydro Quebec is one of many companies that make up critical infrastructure for North America. The documents had been in a briefcase belonging to a Hydro-Quebec security adviser, who placed it at ...


German Bank Uses e-signatures to Curb Phishing

Well at least one bank gets it. German bank, Postbank, with roughly 12 million customers gets it. They have introduced digitally signed emails for their communications with customers. However, I'm sure it will be a matter of moments before the phishing lot discover how to work around this one. At least they're trying. Hell, it could be worse, it could be Citibank. But, to add to this is an interesting survey ...


Crossplatform Virus Proof of Concept

This is kinda freaky. The Viruslist has posted that someone out there has managed to cook up a crossplatform virus. This is no small feat though not impossible. It's written in assembler and has the ability to infect files on both Linux (ELF files) and Windows (PE). To infect ELF files, the virus uses INT 80 system calls and injects its body into the file immediately after the ELF file header and ...


Libby: Bush Authorized Plamegate Leak

OK, not like this was anything I didn't expect. Former aide to Vice Prez Dick Cheney, Lewis "Scooter" Libby testified at a grand jury that George W. Bush authorized the leak of CIA agent Valerie Plame. Libby, 55, testified in 2003 that he provided reporter Judith Miller with information from a classified National Intelligence Estimate after being told by Cheney that Bush "specifically had authorized" him to "disclose certain information in the ...


Man held as terrorism suspect over punk song

This is too stoopid. British anti-terrorism cops apprehended a man who was riding in a taxi and singing along to a Clash tune. Yes, I said it, a Clash tune. While listening to the tune on a pair of headphones he sang aloud some of the lines "Now war is declared -- and battle come down" while other lines warn of a "meltdown expected." The man taken into custody, Harraj ...
