As Microsoft prepares to release patches, researchers said they’ve seen exploit code for a new flaw that puts organizations using Vista and Windows 7 at great risk.
The flaw lies in a driver used for the SMB file-sharing feature in Windows, said Bojan Zdrnja, a handler for the SANS Internet Storm Center. Exploit code was released around 11 p.m. ET, he said.
Zdrnja said he tested the exploit code and it works on fully patched Vista machines running Service Pack 1 or 2 as well as Windows 7. It may also affect Windows Server 2008. When successfully attacked, the exploit will cause the targeted machine to crash.
Researchers don’t know yet if the flaw is remotely exploitable, he said. Just one malicious packet is needed to crash a machine. Most PCs on internal networks keep port 445 open, which is used for file sharing.
That’s dangerous, since if a hacker already has access to a compromised computer within the network, it would be possible to crash all the other machines, Zdrnja said. Administrators should disable access to the port.
Home users usually have that port open, too, Zdrnja said. But for users who join a public Wi-Fi network, Windows will ask if it is a public network and, if it is, then block port 445.
A module for the exploit has already been created for Metasploit, a hacker toolkit used to attack PCs
[click to continue…]
Matt Cole( Newsbeat reporter ) Explained about Cellphones Fraud in BBC Newsbeat -
There has been a rise in the number of cell phone accounts being cloned or taken over by criminals.According to the UK fraud prevention service Cifas, the practice is one of the growth areas of identity theft.
It has seen a 74% rise to 633 cases in the first half of the year, compared with the same period in 2008.
After obtaining personal details by theft or deception, the fraudsters can add additional handsets to accounts and use them to run up large bills.
Cifas members include banking, insurance and telecommunication firms.
Richard Hurley from the service said: “In the first six months of 2008 we had 364 proven cases of accounts being taken over, and 899 by the year’s end.
“In the first six months of this year we’ve confirmed 633 cases.
“It is an area where the increasing sophistication of technology makes mobile phones a status symbol and therefore a boom area for fraud.”
He said its latest figures may represent a fraction of the problem’s true scale as Cifas members only file cases of confirmed fraud, not suspected cases.
Cellphone Phone fraud increases in many mobile operators
[click to continue…]
Electronics such as phones and laptops may start shedding their power cords within a year.
That’s the prediction of Eric Giler, CEO of WiTricity, a company that’s able to power light bulbs using wireless electricity that travels several feet from a power socket.
WiTricity’s version of wireless electricity — which converts power into a magnetic field and sends it sailing through the air at a particular frequency — still needs to be refined a bit, he said, but should be commercially available soon.
Giler, whose company is a spinoff of a Massachusetts Institute of Technology research group, says wireless electricity has the potential to cut the need for power cords and throw-away batteries.
“Five years from now, this will seem completely normal,” he said.
“The biggest effect of wireless power is attacking that huge energy wasting that goes on where people buy disposable batteries,” he said. Watch Giler demonstrate the idea
[click to continue…]
