Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for August, 2010

CartXpress Remote File Upload / File Disclosure Vulnerabilities

CartXpress by Pass / Creat and Download Backup Vulnerability

US finally reforming its high-tech export control system

Many high-technology companies have run afoul of the US’ Export Control System, which regulates the overseas sales of items that can be put to use for military or intelligence-gathering purposes. Given the pace of innovation, hardware and software that was once the domain of the military or spy agencies can rapidly wind up in the [...]

Apple to offer live video stream of Wednesday’s keynote

Apple has announced that it will provide a public, live stream of Wednesday’s keynote, which will be made available via the company’s HTTP Live Streaming open standard to Mac and iOS device users.
The Cupertino, Calif., company made the announcement as a media alert Tuesday evening. The live video stream will be available when the keynote [...]

Australian ban on PS3 hack extended to September 3

A temporary ban on the sale of the PS Jailbreak device, a USB stick that overrides PlayStation 3 security and allows game discs to be copied, has been extended until Friday, September 3 when a Federal Court hearing will take place.
PS Jailbreak overrides the PlayStation 3’s notoriously tight security setup and lets users rip games [...]

Hackers Focus on Misconfigured Networks, Survey Finds

Ever wonder what IT resource is the easiest for hackers to exploit? According to a survey of attendees of the annual DEFCON security conference, the answer is misconfigured networks.
The survey was conducted by Tufin Technologies, and polled 101 attendees at DEFCON 18 in July. Seventy-six percent named misconfigured networks as the easiest IT resource to [...]

Darpa’s Star Hacker Looks to WikiLeak-Proof Pentagon

Tomorrow’s WikiLeakers may have to be sneakier than just dumping military docs onto a Lady Gaga disc. The futurists at Darpa are working on a project that would make it harder for troops to funnel classified material to WikiLeaks - or to foreign governments. And that means if you work for the military, get ready [...]

Pirate Bay secures documentary funding from fans in just 3 days

It took just three days for The Pirate Bay to collect the $25,000 it needed for the editing of the TPB: Away from Keyboard documentary.
While critics would suggest that a story about three computer addicts who revolutionized the world of online piracy is better suited for the big screen and the Hollywood red carpet, it [...]

Hackers Steal $600,000 from Catholic Diocese

Organized cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa earlier this month. The funds were spirited away with the help of dozens of unwitting co-conspirators hired through work-at-home job scams, at least one of whom was told the money was being distributed to victims of the Catholic Church sex [...]

Android Tablet flood is imminent

Months after the iPad hype wave peaked it looks like competing manufacturers are finally ready to lift the lid on their products. This week marks the start of the IFA consumer electronics show in Germany, and it is shaping up to be ground zero for the next generation of Android-powered iPad competitors.
There has already been [...]

Mark Zuckerberg fights to keep life private

Facebook chief executive Mark Zuckerberg says a lawsuit by a man who claims to own a huge chunk of the popular social networking website is seeking to uncover needless details about his private life.
Zuckerberg is fighting a civil lawsuit filed by Paul Ceglia, an upstate New York resident who claims an 84 per cent stake [...]

iPhone 4 with New Antenna Coming Soon?

Is Apple readying an updated iPhone 4 with a new antenna, one without the much-publicized signal attenuation problem of the current model? A recent report by Mexican tech news site Canal MX, first uncovered (well, in English) by MacRumors, suggests a hardware fix for the iPhone 4’s well-known shortcoming could arrive by the end of [...]

Five Things You Need To Know About IPv6

We need it soon. The supply of Internet Protocol version 4 (IPv4) addresses is dwindling, spurring interest in the transition to IPv6, with its exponentially larger address space. Since the IPv6 standard was established in 1999, operating systems and network equipment have steadily added support, says John Curran, president and CEO of the American Registry [...]

Verizon Uses VMware for Enterprise Cloud Service

Verizon Business is tapping into the popularity of VMware technology with a cloud computing service designed to let customers easily move workloads between their own infrastructure and Verizon’s cloud.
With the new service, in trials now and due for general availability early next year, enterprises that use VMware will be able to shift workloads out to [...]

Twitter Turns to OAuth for Application Authentication

Twitter has completed its move to OAuth for authentication for all third-party applications.
OAuth allows people to use applications without them storing their passwords. In the past, Twitter officials explained in a blog post, developers have been able to choose between basic authentication and OAuth to enable Twitter applications to access user accounts. Both methods require [...]

More IT managers plan to spend less, survey finds

A survey of 278 IT managers found that spending on storage systems is expected to remain flat through next year because of the soft economy and new technologies that allow IT administrators to do more with what they already have.
The survey, conducted by research firm TheInfoPro in June, also asked IT managers which vendors they [...]

Novell rolls cloud-security service

The cloud lifts Tuesday on Novell’s Cloud Security Service, which is software designed so that hosting and cloud-service providers can offer authentication, authorization, provisioning and de-provisioning services to their enterprise customers.
The Novell Cloud Security Service software is intended to be used inside a provider’s data infrastructure to enable the equivalent of a single-sign-on function to [...]

Moscow police investigate alleged ransomware gang

Russian police are reportedly investigating a criminal gang that installed malicious "ransomware" programs on thousands of PCs and then forced victims to send SMS messages in order to unlock their PCs.
The scam has been ongoing and may have made Russian criminals millions of dollars, according to reports by Russian news agencies. Russian police seized computer [...]

Huge spamming botnet injured but still alive

A botnet responsible for a significant amount of spam has been crippled but may reconstitute itself in a matter of weeks, according to vendor M86 Security.
The Pushdo or Cutwail network of hacked computers ranked in the top five or so botnets for spam, responsible for as much as 10 percent of all spam, said Ed [...]

Fake TweetDeck update on Twitter leads to trojan

Attackers took to Twitter on Monday to spread malware via links pointing to what they claimed was an update to the popular microblogging client TweetDeck.
A number of updates were sent from hacked Twitter accounts urging users to download a file called "tweetdeck-08302010-update.exe."
The tweets began with phrases, such as “Hurry up for tweetdeck update!” or “Download [...]
