Archive for the ‘security’ Tag

Security Hole found in iPhone

Monday, July 23rd, 2007

IPhone Flaw Lets Hackers Take Over, Security Firm Says - New York Times
A team of computer security consultants say they have found a flaw in Apple’s wildly popular iPhone that allows them to take control of the device.

The researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.

The Inevitable Downfall of DRM in Movies

Monday, May 7th, 2007

If you have been paying attention, you know that another crack of AACS was published last week. The story got “Dugg” and, as expected, Digg.com received and complied with a takedown notice. What was amazing was that more stories containing the cracked key were submitted to Digg. Hundreds. So Digg decided that it would no longer take down any articles or comments containing the cracked key. Do a Google search on the subject and you will see LOTS of stories, but BetaNews adds an interesting comment:

BetaNews | AACS LA: ‘A Line is Crossed’
All this despite the fact, as Ayers confirmed, that the key in question was indeed revoked by the AACS LA. As newer HD DVD discs are distributed, revocation keys extracted from those discs by player software will cause software that uses the “09 F9” media key not to work.

For users of that software, having paid for a device that no longer functions because it was designed not to function, may be a more important issue than whether Digg stepped on the inviolable rights of individuals to post a popular sequence of hexadecimal code in their messages.

This is the central point as to why DRM, as a business method, is BAD BAD BAD. Customers who have PAID for a product, and use it as prescribed by the terms and the law, will now be penalized. And this will keep happening, as more cracks will be published, until no application or player will work anymore. Then how will they sell movies? They can’t. The old model does not work in the new world. You can’t have any reasonably protected information when the attacker and the intended recipient are the same person. That’s security 101.

The movie industry will have to learn what the music industry is starting to realize. “If you can’t beat ’em, join ’em.” The industry will have to develop business models that not only expect piracy but encourage it.

The whole world is able and willing to distribute their products. Nobody wants to have to go to the store to buy movies anyway. Nor should they have to. After all, they are just bits on plastic. That’s why I got high-speed internet. So I can download really big files. Not so I get my email 2 seconds faster. And if you give me a point or two on each sale (or credit towards a free download), I’ll help you sell it. I’ll put up a torrent, or whatever P2P protocol is good for you.

Let’s cooperate, let’s collaborate. Then we can ALL win!!!

Beware the Evil Twin

Friday, January 21st, 2005

C|Net

"Evil twin hot-spots present a hidden danger for Web users," said Phil Nobles, an academic researcher who specializes in wireless Internet and cybercrime. "Because wireless networks are based on radio signals, they can be easily detected by unauthorized users tuning into the same frequency."

Once an unknowing user has connected to an evil twin, a hacker can intercept transmitted data. Users are invited to log into the evil twin with bogus log-in prompts and can be lured into passing sensitive data such as user names and passwords.

This vulnerability seems to affect only public hotspots, and not your private WLAN, at least as long as your private WLAN is using some sort of encryption so that clients won’t connect to "Twins."

Hacker breaks into T-Mobile

Tuesday, January 18th, 2005

Security Focus has an interesting story about a hacker who broke into T-Mobile’s network, stole secret documents from the Secret Service and more.

The same source also offers an explanation for the secrecy surrounding the case: the Secret Service, the source says, has offered to put the hacker to work, pleading him out to a single felony, then enlisting him to catch other computer criminals in the same manner in which he himself was caught. The source says that Jacobsen, facing the prospect of prison time, is favorably considering the offer.

The moral of this story is that as long as the Secret Service is stupid enough to transmit sensitive information across public networks, you can always break the law by stealing said information, selling it, and expect to receive a job offer after you get caught.

Netcraft: Santy Worm Spreads Through phpBB Forums

Friday, December 24th, 2004

This Netcraft

The Santy worm is written in Perl, and exploits a flaw in a file called viewtopic.php that allows an SQL injection exploit, in which SQL database commands typed into a web form can be executed.

While this site does not use phpBB, it does use the PHP scripting language, and similar exploits were found in PHP and in earlier versions of this blog software.


Ad server spreading Malware.

Wednesday, November 24th, 2004

Netcraft: IFRAME Exploit Spreading Through Banner Ads

Banner ads appearing on popular European web sites have been directing traffic to sites that install malware on visitors’ computers, according to the Internet Storm Center. The attacks are exploiting an unpatched flaw in the way Internet Explorer 6 handles the IFRAME tag.

Another reason to GET FIREFOX!!!
