Archive for the ‘Security’ Category

New Content Protection System Ready For Blu-ray Disc

June 22, 2007

“Blu-ray Disc is getting another layer of content protection with the availability of BD Plus (BD+). The system, from BD+ Technologies LLC, is now complete and available to all Hollywood movie studios and content developers for implementation in Blu-ray Disc media.

Issued by BD+ Technologies are system specifications, key management rules, test specifications and various agreements. Also launched are a key issuing center, testing centers for players, and testing facilities for disc playability.”


Beat-Fingerprint-Security-By-Cutting-Off-Finger Trick No Longer Viable, Thanks To Sony

June 19, 2007

“…they’ve come up with a system that doesn’t use fingerprints, but rather an image of the capillaries (via Network Computing) beneath the skin of a person’s finger. The pattern in the image can only be captured when blood is pumping through the finger in question, so severing it from the rest of the victim would render it useless.”


Ubuntu Linux Validates As Genuine Windows

June 18, 2007

“Another crack in the Windows Genuine Advantage wall. A user at managed to validate an Ubuntu installation as a genuine copy of Microsoft Windows and get to the download page of Windows Defender, using IE4Linux and Wine. (Here is an OGG video of the process.) Along with the advancement of LiveCD technology, this could spell the end of Microsoft’s control over who gets their updates.”


FBI: More Than 1 Million Computers Infected

June 14, 2007

“More than 1 million computers – possibly yours, too – are used by hackers as remote-controlled robots to crash online systems, accept spam and steal users’ personal information, the FBI said Wednesday. The government has no way to track down all the computers, both in the U.S. and elsewhere, that hackers have massed into centrally controlled collections known as botnets. But the FBI has pulled the plug on several botnet hackers, or zombies. One man was charged this week in a scheme that froze computer systems at Chicago-area hospitals in 2006 and delayed medical services.”


Google Video Security Flaw Could Expose Private Username & Password Information

June 12, 2007

“Google Video may be exposing the username and passwords of users who post videos to their MySpace accounts and serving this information over unsecure Internet protocol, with an http URL and not https.”


Safari For Windows, 0day Exploit In 2 Hours

June 12, 2007

“Apple released version 3 of their popular Safari web browser today, with the added twist of offering both an OS X and a Windows version. Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted towards this new Windows browser. I downloaded and installed Safari for Windows 2 hours ago, when I started writing this, and I now have a fully functional command execution vulnerability, triggered without user interaction simply by visiting a web site. I will not sell this one to ZDI or iDefense but instead release it here, as I have done lately with a number of 0day vulnerabilities. This place is where you get my latest research.

A bunch of other security researchers such as David Maynor and Aviv Raff have been pounding safariWin with their fuzzing tools, going through thousands upon thousands of test pages in the hopes of triggering some form of memory corruption for potential exploitation. I am a big fan of fuzzing and believe it can produce some tremendous results, but sometimes good old fashioned application specific knowledge can get you far.”


“Unbreakable” Encryption Works In Real Time Over Long Distances

June 9, 2007

“In the internet age, when 120,000,000 smart people on Digg can see an article about your technology, it takes some real courage to use the term “unbreakable”, but the guys at NIST are doing just that. They say they have built a prototype high-speed quantum key distribution (QKD) system that can perform a theoretically unbreakable “one-time pad” encryption, transmission and decryption of a video signal in real-time over a distance of at least 10 kilometers.”


Three Minutes on Google Security

June 6, 2007

“Security has been a bit of a black art at Google. Unlike rival Microsoft, which publishes detailed information on its monthly patches and has openly evangelized the steps it takes to secure software, Google has generally been quiet when it comes to talking about security and it has kept the team that keeps Google’s Web sites secure under wraps. Not so anymore. In April, Google researchers presented a paper on Web security at a technical conference in Cambridge, Massachusetts, discussing the results of the company’s ongoing effort to “identify all Web pages on the Internet that could potentially be malicious.” A month later, Google started its first-ever security blog, and since then observers have had their first glimpse into the lives of Google’s 100-person security team.”


Firms Hit Rivals With Web Attacks

May 8, 2007

“Legitimate businesses are turning to cyber criminals to help them cripple rival websites, say security experts.

The rise in industrial sabotage comes as some suggest cyber criminals are turning away from using web-based attack tools in extortion rackets.”


More Bad News For HD-DVD Encryption

May 5, 2007

“Hackers have found a way of circumventing the AACS copy prevention technology used by next-generation DVD disks. Unlike earlier breaks, the latest crack can’t be papered over simply by pushing key revocation updates.”

“The approach bypasses the encryption performed by the Device Keys, so revoking these keys as applied by the WinDVD update.”