Archives in December, 2010

NOOKcolor is B&N’s Best Selling Product This Season


I wasn’t surprised by this news. Since the eReader can be turned into a viable tablet, it has landed itself the number one spot on Barnes & Noble’s holiday best seller list this year.

After rooting the device, you can install Kindle and Google Books from the Market to give you flexibility to hang on to all the other books you have already purchased. Don’t forget you can also side load any non-DRM books too.

Of course, this is only the start of what you can turn your eReader tablet into.

New Android Trojan Found

Just when you thought it was safe to run around installing any apk you can get your hands on. Not saying you should do this anyway. A report has come out about a new trojan that is making the rounds, dubbed “Geinimi”. It’s essentially being “grafted” on to legitimate applications, mainly games, and distributed into third party App stores. So far, it has only been downloaded from applications hosted by Chinese App Markets.

Lookout researchers, who posted a writeup on Geinimi, have found that it has been wrapped into legitimate free and paid games for Android users with those games’ developers unaware their applications are being used as a lure.

Read more…

Carders.cc, Backtrack-linux.org and Exploit-db.org Hacked

Found this quite interesting.

Carders.cc, a German security forum that specializes in trading stolen credit cards and other purloined data, has been hacked by security vigilantes for the second time this year. Also waking up to “you’ve been owned” calling cards this Christmas are exploit database exploit-db.org and backtrack-linux.org, the home of Backtrack, an open source “live CD” distribution of Linux.

The hacks were detailed in the second edition of “Owned and Exposed,” an ezine whose first edition in May included the internal database and thousands of stolen credit card numbers and passwords from Carders.cc. The Christmas version of the ezine doesn’t feature credit card numbers, but it does list the user names and hashed passwords of the carders.cc forum administrators. The carders.cc forum itself appears to be down at the moment.

Read more and especially a copy of the ezine posted on exploit-db.org.

Gawker was hacked six months ago, say sources close to Gnosis

Gossip site Gawker experienced a large data breach whose scale fully came to light in early December.

Hackers had access to the gossip site Gawker’s content management system (CMS) and password files for around six months, rather than the few days suggested by the company, the Guardian has learnt from sources connected to the break-in.

That contradicts the indications given by Gawker in public statements, such as an email sent out on 17 December by Thomas Plunkett, Gawker’s chief technology officer, in which he suggested that the hackers only had access “briefly” to the site: “Gawker Media servers and some company email accounts were compromised by hackers at some time during the last few weeks; the compromise was made public to us (and everyone else) this past weekend,” Plunkett wrote in an internal memo which was reposted on the Poynter.org website.

Read more…

Gawker falls victim to hackers

4chan hit by DDoS assault

I know I didn’t really keep you up-to-date on the Wikileaks debacle and the following DDoS attacks against sites that terminated relationships with Wikileaks but I thought this one was worth mentioning.

Controversial image board 4chan came under a denial of service attack on Tuesday.

A status message on 4chan’s status boards (below) reported that the birthplace of anonymous and home of midget porn had joined the “ranks of MasterCard, Visa, PayPal” as victims of a denial of service attack.

Site is down due to DDoS. We now join the ranks of MasterCard, Visa, PayPal, et al.—an exclusive club!

The Anonymous contingent of 4chan was behind the attacks on Mastercard et al over the refusal of many elements of the banking industry to do business with Wikileaks. In response, patriot hacktivists have launched denial of service attacks on 4chan IRC channels.

Read more…

Mozilla exposes 44,000 passwords

Mozilla inadvertently exposed the passwords of 44,000 inactive addons.mozilla.org accounts, but says there’s nothing to worry about.

“On December 17th, Mozilla was notified by a security researcher that a partial database of addons.mozilla.org user accounts was mistakenly left on a Mozilla public server,” Mozilla’s director of infrastructure security Chris Lyon wrote in a posting on the Mozilla Security Blog late Monday night.

Although that exposure may seem a wee bit scary, Lyon notes that all the passwords were for inactive accounts, that Mozilla was able to account for every download of the database, and that the password hashes were of the “older md5-based” variety, and that they all have now been deleted, effectively disabling those accounts.

I bet you no one ever uses the same password in multiple places. That would be unheard of.

Read more…



OK, this is where I’ve been and what I’ve been doing. I recently got a NookColor and have been spending a lot of time playing. No, it’s not a tablet. It’s an eReader, but if you are willing to root your device, you will be happy to know that full Android market access has now been achieved. Thanks to the guys over at XDA Developers, rooting has been made easy even for the novice.

The NookColor has just about what I wanted in a functional eReader and I was completely satisfied with what I got for $249. However, with a little work I got a decent tablet at a decent price.

Here’s a couple of links to get you started.
NookColor tablet
NookColor Rooting

MS warns over zero-day IE bug

This happened just before the Christmas holidays but I thought I would post it just in case you took a complete vacation from everything.

Microsoft warned on Wednesday, December 22, 2010, of a new zero-day vulnerability in Internet Explorer.

The flaw creates a means for hackers to inject malware onto vulnerable systems, providing surfers are first tricked into visiting booby-trapped websites. As such the flaw poses a severe drive-by download risk.

All established versions of IE (from IE6 to IE8) are affected. It’s unclear whether or not the IE 9 beta is similarly vulnerable. The flaw reportedly involves the handling of Cascading Style Sheets by Microsoft’s browser software. The bug first came to light on the seclists.org full disclosure mailing list earlier this month.

Read more…

The End is Near!

Don’t mean to scare you. 2010 is almost over. The holiday hustle and bustle is now over and it’s time for me to get back to work and post some relevant content.

Thanks to everyone that has frequented the site and I look forward to a happy and productive new year!

Google Search Warns Of Compromised Sites

Google has been warning Web surfers about sites that appear to be hosting malware in search results for years. Now, the company is adding a warning in search results when the site appears to be compromised but may not be actually downloading malware to visitors’ computers.

Starting today, Google search users should start seeing a new hyperlink warning that says “This site may be compromised,” adjacent to some results if Google’s system has detected something on the site that would indicate that it has been hacked or otherwise compromised. Clicking on the warning link leads to a Help Center article with more information.

Read more…