Untethered iOS 6.1 evasi0n jailbreak arrives for iPhone, iPad, and iPod touch devices

An untethered jailbreak means users can install it on their device once and for all. They don’t have to worry about a dead battery or restart requiring them to hook up to a computer and jailbreak the device again.

via Untethered iOS 6.1 evasi0n jailbreak arrives for iPhone, iPad, and iPod touch devices – The Next Web.

If you ever need to do this, this article would be a good place to start your journey.

DVR Insecurity

tl;dr; A whole slew of security dvr devices are vulnerable to an unauthenticated login disclosure and unauthenticated command injection.

via consolecowboys: Swann Song – DVR Insecurity.

Interesting read. Obviously, a device like a DVR should be placed inside a NAT and possibly have its traffic monitored at the firewall. Then if port 9000 is open for telnet you just have to worry about an attack from someone with access to the LAN — not the entire Internet.

NTLM Challenge Response is 100% Broken (Yes, this is still relevant)

According to the last data from the W3 Schools, 21% of computers are running XP, while NetMarketShare claims it is 39%. Unless someone has hardened these machines (no MS patches do this), these machines are sending LM and NTLM responses! While these lists leave out server OSs, 2003 Server still sends NTLM responses by default. Yes, every MS OS since NT 4.0 SP4 has supported NTLMv2, but NTLM and LM were not excluded by default until Vista.

via Mark Gamache’s Random Blog: NTLM Challenge Response is 100% Broken (Yes, this is still relevant).

Well, here it is: I’VE BROKEN NTLM.

From the wiki definition of NTLM:

Microsoft no longer recommends NTLM in applications:[6]

“Implementers should be aware that NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms (RFC1321) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in RFC1320 and FIPS46-2. Therefore, applications are generally advised not to use NTLM.”

While Kerberos has replaced NTLM as the default authentication protocol in an Active Directory (AD) based single sign-on scheme, NTLM is still widely used in situations where a domain controller is not available or is unreachable. For example, NTLM would be used if a client is not Kerberos capable, the server is not joined to a domain, or the user is remotely authenticating over the web.[1][3]

Mass-blocking IP addresses with ipset

It has been shown, the hash approach as implemented by ipset clearly beats traditional mass-rule-blocking. It extends netfilter in a very useful way by decreasing the average response time. In the average over all samples made, IP sets are over 11 times faster. To conclude, let me show you another plot, this time I compared the ipset and iptables approaches within the same graph. The yellow bar shows ipset delays, the red bar does so for iptables.

via Mass-blocking IP addresses with ipset » daemonkeeper’s purgatory.
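
The comparison quoted above is between one hashed set lookup and thousands of sequential rules. As an added example (not code from the linked article), this script turns a plain address list into a single `ipset restore` batch that one iptables rule can reference; the set name `blocklist` and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the quoted article): build one `ipset restore` batch
# from a plain blocklist. Set name and sample addresses are assumptions.
# Accept IPv4 "a.b.c.d" or "a.b.c.d/1..32" (hash:net cannot store a /0).
valid_entry() {
    addr=${1%%/*}
    case $1 in */*)
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
        [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros (parsers disagree on octal) and values > 255.
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read entries on stdin, write the batch on stdout, report rejects on stderr.
# Entries go into a temporary set that is swapped in, so the live set is
# never half-loaded while the list is refreshed.
build_restore() {
    set_name=${1:-blocklist}; tmp_name="${set_name}-tmp"
    printf 'create %s hash:net family inet\n' "$set_name" "$tmp_name"
    printf 'flush %s\n' "$tmp_name"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # drop comments
        line=$(printf '%s' "$line" | tr -d '[:space:]')   # drop whitespace
        [ -n "$line" ] || continue
        if valid_entry "$line"; then
            printf 'add %s %s\n' "$tmp_name" "$line"
        else
            printf 'skipped: %s\n' "$line" >&2
        fi
    done | awk '!seen[$0]++'                              # de-duplicate
    printf 'swap %s %s\n' "$tmp_name" "$set_name"
    printf 'destroy %s\n' "$tmp_name"
}

# Constructed sample list (RFC 5737 documentation ranges, two bad entries).
sample_blocklist() {
    printf '%s\n' '# constructed sample' 192.0.2.10 198.51.100.0/24 \
        192.0.2.10 203.0.113.999 '203.0.113.7 # trailing comment' 010.0.0.1
}

# Apply as root with:  build_restore blocklist < list.txt | ipset -exist restore
# One rule then covers every entry:
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
sample_blocklist | build_restore blocklist
```
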

Syrian Internet Is Off The Air

Starting at 10:26 UTC (12:26pm in Damascus), Syria’s international Internet connectivity shut down. In the global routing table, all 84 of Syria’s IP address blocks have become unreachable, effectively removing the country from the Internet.

via Syrian Internet Is Off The Air – Renesys Blog.

These five offshore survivors include the webservers that were implicated in the delivery of malware targeting Syrian activists in May of this year.

GNOME (et al): Rotting In Threes

I have never gotten into the KDE vs GNOME debates, so this is not GNOME bashing, nor, as you’ll soon see, are these systemic development problems limited to GNOME. Yet what I’m hearing is that with GNOME v3 the goal is to promote their “brand” and make it dominant, in part by greatly limiting what users can change on their own systems, and partly by breaking or simply removing whatever support they’re no longer promoting as ‘The Way’. The reach of this selfish and narrow-sighted development goes beyond GNOME and affects GTK apps in general.

via GNOME (et al): Rotting In Threes « IgnorantGuru’s Blog.

What follows is a sampling of quotes from various places and assorted devs which paint a picture of a growing culture of anti-user, conformist philosophies. There’s a bit of text to review here, but I think it’s worth it to hear what GNOME devs have to say about their intentions and goals, in their own words, and what others are saying about that!

Why Google Went Offline Today and a Bit about How the Internet Works

Unfortunately, if a network starts to send out an announcement of a particular IP address or network behind it, when in fact it is not, if that network is trusted by its upstreams and peers then packets can end up misrouted. That is what was happening here.

I looked at the BGP Routes for a Google IP Address. The route traversed Moratel (23947), an Indonesian ISP. Given that I’m looking at the routing from California and Google is operating Data Centres not far from our office, packets should never be routed via Indonesia. The most likely cause was that Moratel was announcing a network that wasn’t actually behind them.

via Why Google Went Offline Today and a Bit about How the Internet Works – CloudFlare blog.

When I figured out the problem, I contacted a colleague at Moratel to let him know what was going on. He was able to fix the problem at around 2:50 UTC / 6:50pm PST. Around 3 minutes later, routing returned to normal and Google’s services came back online.

Wifi sniffing digital picture frame

After gutting the laptop and putting it in a custom picture frame, Driftnet, a program that listens to network traffic and picks out images from TCP streams, was installed. [AUTUIN] tested his build with an open wireless connection in his building. The results provided a wonderful narrative that started with pictures from news sites then slowly devolved to pictures from a hot-or-not style website, an online dating site and finally pictures from the inevitable conclusion of that browsing session.

via Wifi sniffing digital picture frame – Hack a Day.

The Honeynet Project

The HoneyMap shows a real-time visualization of attacks against the Honeynet Project’s sensors deployed around the world. It leverages the internal data sharing protocol hpfeeds as its data source. Read this post to learn about the technical details and frequently asked questions. Before going into explanations, take a look at the map itself: map.honeynet.org!

via Blogs | The Honeynet Project.

SpaceX’s first ISS supply mission is a success

The SpaceX Dragon capsule has been successfully grabbed by the International Space Station, marking the first time a private American space flight has run a supply mission to the orbiting platform. The crew of the ISS snatched Dragon out of orbit ahead of schedule, using the space station’s robotic arm to guide the capsule in after its careful approach.

via Dragon captured: SpaceX’s first ISS supply mission is a success – SlashGear.