Waterfront website serving evil viruses
Seems like the waterfront website’s been hit with the SQL injection attacks that have been going around lately. Back in July 2007 we had reported the same website being defaced by some Turkish hacker group. Then later on there were other defacements, but we didn’t bother typing that one out. And finally poop hits the fan.
Some complaints from a local forum here. Thanks to mr zero6 for the heads up.
DefCon CTF 2008

Deputy Director of Homeland Security, Dr. Kenneth Shoto today announces a
call to cyber-ninjas everywhere to sign up for his annual fight-to-the-death
qualifying competition for the Defcon Capture the Flag (CtF) contest. The
qualifying competition will start at 10PM on Friday, May 30th and end at
10PM on Sunday, June 1st.
More here… http://kenshoto.com/
Ignorance Is Bliss
Hail to the ubersmart packager, who thinks he knows cryptography…
http://it.slashdot.org/it/08/05/13/1533212.shtml
“Debian package maintainers tend to very often modify the source code of the package they are maintaining so that it better fits into the distribution itself. However, most of the time, their changes are not sent back to upstream for validation, which might cause some tension between upstream developers and Debian packagers. Today, a critical security advisory has been released: a Debian packager modified the source code of OpenSSL back in 2006 so as to remove the seeding of OpenSSL random number generator, which in turn makes cryptographic key material generated on a Debian system guessable. The solution? Upgrade OpenSSL and re-generate all your SSH and SSL keys. This problem not only affects Debian, but also all its derivatives, such as Ubuntu.”
Remove RNG seeding! WTF was he thinking!
ATM glitch?
This morning I woke up to go straight to the bank.
A few hours before I’d made use of an ATM that dispensed the right amount of money for me, but while I was fixing my credit cards, the money was absorbed by this greedy ATM again. I made another transaction because I still needed my 50 euros. So 2 transactions in a few minutes. However that is not what my statement said when I checked it out on the online banking service. To my surprise I noticed that there were 4 transactions during that time. A -50 EUR, a +50 EUR (I suppose this is when it ate my money), and a double -50 EUR. So I ended up with 100 euros less in my account instead of 50. Not good.
So I went to the bank and explained the situation to them. They acknowledged this and told me that I should have the money back over the weekend.
Did you come across any other ATM glitches?
security engineering v2.0
If you read the original “Security Engineering” by Ross Anderson, then you’ll probably be pleased to know that an update is due to be released soon. Check out this interview.
The obligatory Amazon link.
P.S. It’s weird that Amazon says that it will be released on the 14th Apr 2008 while they claim that they have it in stock. Guess they’re mixing up the old version with the new one.
Another Crash
Mass Hack Attack
Cool way to read your (computers) memory
More here.
The “Coolest” Radioactive Products

Radioactive condoms - Sterility guaranteed!
More here.
Hushmail turned unencrypted emails to US govt / Phil Zimmermann comments
It’s what we always suspected: encryption won’t save you.
Wired has a very interesting feature on Phil Zimmermann defending Hushmail over turning emails to the US govt. Lesson learnt: at the end of the day, it doesn’t matter if Hushmail doesn’t store your emails in unencrypted form; if they need to give out your emails following a court order, they can always intercept the credentials with which you encrypted the emails.
Don’t shoot the messenger…
The soap-opera about the revealed embassy email passwords has a new episode…
Apparently the monitored traffic was not established by legitimate users (why would they use Tor?), but by unknown intelligence agencies. Dunno how he came to that conclusion, but it somehow makes sense.
Also in a new twist the hero hacker erhhhm security researcher was arrested and his machines confiscated for analysis.
More here.
His blog is offline…
Ex-FBI, CIA employee pleads guilty to computer crime
This story sounds like a spy movie plot.
xxxchurch.com
Um… they want to help you to stop spanking your monkey, stop slapping the meat, stop beating off, stop shizzling the nizzle (gotta love Urban Dictionary). Marketing guilt is how they get to sell their software.
It works by monitoring the sites you browse in the background and sending a periodic report to your close ones.. like your wife, or pastor (WTF?). Ah well .. I guess there are various ways of marketing the browser history feature.
FEMA Fake news conference
These guys faked it ..
More here. Such things always make you wonder .. how many times did such a thing happen and go undetected?
OMG pwnpress is coming!!
Um.. like this one:

It seems like this is some personal vendetta on Gadi Evron / Securiteam / Jewish people.
Code found on info-pull.
Watching over your pop3 session
This is a follow-up to a previous post. The agencies involved were making use of Tor, which is why their passwords ended up on this site. Making use of a security solution that you don’t understand can definitely prove lethal - and that’s what happened in this case. A few news agencies have covered this .. Wired News has a 2-page article.
hax0r1ng teh w00t h0us3?
er.. sorry couldn’t help it. Actual title is “Hacking the Whitehouse“.
Quote:
“Excuse me, gentlemen,” the officer says politely. “I don’t mean to interrupt, but what is that device you have there?”
Rushing, a trained penetration tester and ethical hacker, doesn’t try to hide anything. “It’s an antenna,” he says.
The officer frowns for a moment and looks at the antenna more closely. Then his face brightens. “Cool,” he says. “Nice. Thank you.” And without another word, he turns and walks away, crossing the street.


