In theory the car is using an SQL injection to drop the picture of the car. You have to give it to some people, that is human ingenuity at it’s best!

(Via Gizmodo)

Well Sony managed to make a bit of a mess today with the Playstation Network. I am sure tomorrow this will be all over the news, hell if your smart I would short sale some Sony stock, but as for now it is just boys the their mothers basement raising hell.

As of right now what we know is that it appears to be a bug with the PSN mixed with the old ‘fat’ PS3s (and no that is not just the US consoles, haha). There was a bug dealing with the leap year causing the console to reset it’s clack back to Dec 31, 1999. Which is very ironic considering the Y2k problem, yet seems to be unrelated.

The good news is that it looks like if we are lucky, once the 2nd of March kicks in, all should hopefully work out. The bad part is telling a bunch of people that not only can they not play online, but ANY game that uses the trophy system, will also not run.

Ouch Sony, this is going to hurt!

I love it. It is nice and clean on the top, and the addition of the keyboard is just fantastic. Add in the bluetooth and you finally have a company paying attention to what the consumer really interacts with once the TV makes it home.

(Via Gadget Review)

Terremark enters the more lower end (get the fog reference yet?) cloud computing market with their vCloud Express offering. I have always wanted to be able to use their higher end cloud, but really had no projects to offset the costs. So now we are all going to join the cloud right? Well lets take a look at costs:

Lets say we are going to build a decent Windows Server, but provide our own software and licenses.

We get 2VPUs with 2gb of ram:
$0.14 cents an hour * 24 hours * 30 days = $100.80

We just put in 120gb of storage:
$0.25 a month per gb * 120gb = $30

One Public IP:
$0.01 per hour * 24 hours * 30 days = $7.20

Internet Services (ports open to the Internet): HTTP, HTTPS, SMTP
$0.01 per hour per service * 3 services * 24 hours * 30 days = $21.60

Bandwidth of lets say 50gb
$0.17 * 50gb = $8.50

So our total would come out monthly to $168.10

So it is not the entry level cloud that I am looking for, but it is a pretty decent entry for small to midsize companies. You have to remember that your getting a pretty decent amount of redundancy and very considerable uptime protection. This is not like your dealing with a small time hosting company that is relying on other to keep them running, Terremark is their own large scale provider.

(Pulled from Terremark)

This is an interesting addition to the new OS X release.  Although no one really knows what it does exactly, it does add an interesting glimpse on how things are changing for Apple.  Here is a short write up i found:

We’ve gotten reports about an interesting feature in Snow Leopard, the new version of Mac OS X due for release this Friday. According to reports we’ve seen – and the screen shot below – Snow Leopard contains an antimalware feature.

We’re not sure yet exactly how this works, but the above screen shot shows this feature working with a download made via Safari, detecting a version of the RSPlug Trojan horse in a downloaded disk image.

We’re naturally curious about this feature, and about how thorough it is. As soon as we can find out more, we’ll post an article here. We wonder just how serious Apple thinks the malware threat is, especially since their latest Get a Mac ads highlight the fact that PCs running Windows suffer from viruses…

There are several things that I can see this stemming from. Probably the most notorious was the iWork 09, that came with a nice trojan. While it is a horrible reality that companies are having to take extra steps to protect their product form illegally downloaded torrents, I applaud them for taking the first step at least.

(Via Mac Security Blog)

The idea of falling snow being flavored is an abomination on nature, and in return, one of the best idea I have ever heard of! Will it really ever happen, probably not, but we can all hope that science will eventually get this out.

The Cloud Project is a tricky little concept that would spray flavored condensation and liquid nitrogen into clouds, “seeding” them, and forcing flavored snow to fall from the heavens. It’s pretty much straight of of a children’s book.

The whole thing is purely conceptual for now; it involves certain bacteria and ice nucleation and a lot of other science-y sounding words and phrases I don’t understand. What I do understand is the phrase “It will snow ice cream,” and what I wish I didn’t understand is “The technology is a long ways off.” Don’t be fooled by the existence of an actual Cloud Project van—it’s purely for illustrative purposes, and only functions as a regular ice cream truck/science information center.

I am practically getting a sugar high just sitting here thinking about it. I mean the only flavored snow I have seen was yellow, and it wasn’t very good.

(Via Gizmodo and The Cloud Project)

Even as a Mac user myself, I find myself thinking there is no need to worry about viruses and malware. Being in the security industry I know it is an absolutely ludicrous thought, but the chances are low enough that I I just push the idea to the side. Most people would say that the lack of exploits is mostly due to the low market share of the Mac, in attest to that sales are up, and we are seeing malware and even a talk about it at Black Hat this year.

“Most of the existing research (into) rootkits for OS X essentially take older Unix-based ideas and port them to OS X,” Dai Zovi told The Register. “Mine primarily uses the unique features of OS X and this makes it harder to detect the traditional tools and techniques.”

As just another Mach-based operating system, OS X is chock full of instructions that make sneaky rootkits possible. And yet there’s been little documentation, so far, of exactly what they are and how they can be used. Dai Zovi’s talk aims to fill the vacuum by showing how to extend native Mach RPC mechanisms that communicate with the Mac kernel.

“It’s not an inherent weakness in the system,” said Dai Zovi, co-author of the Mac Hacker’s Handbook. “It’s just extending the flexibility of the microkernel-based design in a malicious direction.”

I honestly haven’t looked at the code yet to see how hard the execution is. But with inclusion into the Metasploit Project, I am scared script kiddies everywhere will be able to pull it off.

(Via The Register.)

The Register has a pretty good article on an exploit using the NULL pointer. They were even nice enough to include the code. Here is a pretty good summary:

The vulnerability is located in several parts of Linux, including one that implements functions known as net/tun. Although the code correctly checks to make sure the tun variable doesn’t point to NULL, the compiler removes the lines responsible for that inspection during optimization routines. The result: When the variable points to zero, the kernel tries to access forbidden pieces of memory, leading to a compromise of the box running the OS.

The “NULL pointer dereference” bug has been confirmed in versions 2.6.30 and 2.6.30.1 of the Linux kernel, which Spengler said has been incorporated into only one vendor build: version 5 of Red Hat Enterprise Linux that’s used in test environments. The exploit works only when a security extension knows as SELinux, or Security-Enhanced Linux, is enabled. Conversely, it also works when audio software known as PulseAudio is installed.

An exploitation scenario would most likely involve the attack being used to escalate user privileges, when combined with the exploitation of another component – say, a PHP application. By itself, Spengler’s exploit does not work remotely.

With all the hoops to jump through, the exploit requires a fair amount of effort to be successful. Still, Spengler said it took him less than four hours to write a fully weaponized exploit that works on 32- and 64-bit versions of Linux, including the build offered by Red Hat. He told The Register he published the exploit after it became clear Linus Torvalds and other developers responsible for the Linux kernel didn’t regard the bug as a security risk.

While it does take some effort, it will surely be added into a script run on metasploit before too much longer, making it twice as dangerous.

(Via The Register)

You can find all kinds of interesting things on the internet. This one is pretty entertaining and helpful for all those single guys out there. Straight from the Wired Wiki:

The Dab

Surreptitiously dab a thin layer of lip balm on the tip of a ballpoint pen.

The Approach

Approach your target and tout your special mind-reading power: “I can pick out your digits from a collection of phony ones.” With your eyes averted, tell the hottie to jot down their actual phone number on a paper coaster and then 10 fake ones in any orientation.

The Coaster

When you get the coaster back, take out your cell and say, “Now all I have to do is make a few calls …” Cue laughter. Now examine the coaster. The first numeral in the correct number will begin with an inkless groove of oil and develop into a solid line. Bingo!

Contributed by Chris Lesinski

Pretty entertaining, made me dig out some chap stick just to try it out. And yes, it does work.

(Via Wired)

I can’t believe I didn’t even notice this when it first came out. Credit goes over to SecurityFocus for being the first to alert us on the major upgrade to Nmap.

Security researcher Gordon “Fyodor” Lyon announced the release of the latest version of the popular network-exploration and security-auditing tool, Nmap, on Thursday, improving performance and adding several new features.

Nmap 5.0 adds two new tools, Ncat and Ndiff, allowing network administrators and security practitioners the ability to transfer and redirect traffic as well as compare differences between periodic Nmap scans. Fyodor and the project’s developers have also boosted performance of the program by scanning a large part of the internet and available networks to determine the most common ports that should be scanned.

“Some worry that Nmap is getting too bloated, but I only agree to add things that I’m confident we can maintain well and keep secure,” Fyodor said. “Also, the extra tools Ncat, Ndiff, and Zenmap are optional, and you can even choose to compile Nmap without major features such as the Nmap Scripting Engine if you don’t need them.”

Nmap allows security professionals to scan networks for open ports, which typically indicate that a running application is awaiting data from the network. Unsecured ports are frequently probed by hackers looking to attack the system.

Nmap has become an essential part of security practitioners’ toolboxes since it was released in 1997.

I couldn’t agree more with that last sentence. Nmap has really added simplicity to the quick batch scans of some complex networks.

(Via SecurityFocus)