Posted by Avik Sarkar
On 1/01/2012 04:35:00 pm
The Electronic Privacy Information Center (EPIC), has filed suit in US District Court against the Department of Homeland Security. The grounds for the suit is a refusal by DHS to reply to a Freedom of Information Act request filed by EPIC in April of this year.
According to EPIC’s Press Release the center of the issue is a plan by DHS to create fake accounts on social networking sites and use those accounts to monitor the networks for certain key words – such as “drill,” “infection,” “strain,” “virus,” “trojan,” and others. The complaint was filed in the District of Columbia, and asks the court to compel DHS to process EPIC’s FOIA request, as well as to order DHS to produce the records EPIC has requested, to acknowledge EPIC as news media, and to pay EPIC’s legal bills for the suit. The impetus for EPIC’s request was an announcement by DHS that it planned to implement a Social Media Monitoring and Situation Awareness Initiative, whereby it would monitor social media sites in order to gain realtime information on events. The DHS announcement states that the goal of the initiative is not to collect personally identifiable information except in extreme cases – e.g., a person trapped in rubble with their mobile phone who is posting their status (as happened during the Japanese tsunami).
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 1/01/2012 04:35:00 pm
Few days ago The Hackers Army has declared their new operation named
#OPfreePalestine. Today they have their 1st blow. More than 1100 sites get hacked including 88 hosting sites, 31 Important Netherland server rooted, France no 1 hosting rooted by The Hackers Army. The list of hacked sites and the message can be found in a
pastebin release. Also the official press release of The Hackers Army can be found on a
YouTube video.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 1/01/2012 04:35:00 pm
At the 28th
Chaos Communication Congress security conference in Berlin, Germany researchers demonstrated a newly realized vulnerability that is present in most web frameworks.
Alexander “alech” Klink and Julian “zeri” Wälde delivered a demonstration and lecture titled "Efficient Denial of Service Attacks on Web Application Platforms". In their lecture they explained in detail how most web programming languages utilize hashes and manage collisions.According to an exclusive report by ns "The type of hashing used by PHP, Java, Python and JavaScript in this attack is not a cryptographic hash, it is a simple mathematical hash used to speed up storing and retrieving data posted to web pages."
Under normal circumstances, the collisions in the hashes are managed by built-in language constructs and are not really an issue. However, in these types of attacks, the attacker can send pre-calculated values that will result in all of the hash values being the same, which will crash the majority of servers. On that same Sophos post, they stated that, "An example given showed how submitting approximately two megabytes of values that all compute to the same hash causes the web server to do more than 40 billion string comparisons." which is an nearly inconceivable for just looking some data for a webpage. Apparently the keepers of the language Perl, went ahead and did something about this vulnerability some time ago, but nobody else followed suit, so they are all at risk. Hopefully, the people behind PHP, Python, and other applicable languages will actually pay attention this time and go ahead and make the necessary changes.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 1/01/2012 04:34:00 pm
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 1/01/2012 04:34:00 pm
Now Microsoft has found the root cause behind the
SMS vulnerability in its Windows Phone operating system. Although it’s good that Microsoft has found a fix for the bug in Windows Phone devices, the exploit may also affect its other applications. So far it’s known to work not only through SMS messages but also through Facebook chat or Windows Live Messenger. The malicious code could be used to crash Windows Live Messenger in a way that would prevent all your contacts from signing in.
Microsoft is still investigating its other products that may be affected, including its desktop applications. Salameh revealed that the following applications are vulnerable to the SMS attack string: Windows Live Messenger, Windows Live Mail, Silverlight-based apps, Visual Studio 2010, Expressions Blend, and Windows Presentation Foundation-based apps.
Update: Microsoft's Greg Sullivan, senior product manager of Windows Phone, has confirmed that the company is working with device partners to issue a fix, but refused to reveal any timings for its release. "We are working on an update to address the issue and will work with our partners to coordinate its release," said Sullivan in a statement issued to us on Thursday.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
