Discussions on computers and beyond

Welcome to Topsight.net
Tuesday, September 07 2010 @ 05:38 AM EDT

Month of Apple bug fixes

General

Landon Fuller has taken on the challenge of patching each of the bugs reported by the Month of Apple Bugs project. Thus far he's been able to patch each bug in about a day. As rumor has it, the Month of Apple Bugs project now plans on giving Fuller advance notice so that he can develop patches to be released as the bugs are released.

For more info on Fuller's project see: http://landonf.bikemonkey.org/code/macosx/

Why blurring sensitive information is a bad idea

Privacy

We've all seen it: on Cops over license plates, on other TV shows over credit card and check numbers, and all over the web over many sensitive areas of documents. Blurring has long been an accepted way of eliminating information. This, however, has all changed. A recent dheera.net project proved that these numbers can easily be brute-forced by simply clearing out the original blur, typing a new random number, blurring the new number, then comparing that image to the original.

For more information see: http://dheera.net/projects/blur.php

Hitachi Creates First 1TB Desktop Drive

Interesting Stuff

From TheRegister.co.uk:

Hitachi has announced what it claims is the world's first 1TB desktop hard drive, pledging to ship the beast later this quarter, with enterprise- and consumer electronics-oriented versions to follow in Q2.

The 3.5in Deskstar 7K1000 will cost $399 at retail, but Hitachi will also offer a cheaper, 750GB model too. The drive spins at 7,200rpm and connects across a 3Gbps SATA bus, though the media data rate peaks at just over 1Gbps. It has 32MB of on-board buffer memory, an 8.7ms average seek time and a 4.17ms average latency.

It's interesting to note that a current search of the cheapest 750GB desktop hard drives reveals a price range of about $339.99 - 449.99. This to me indicates it's very likely that we'll see a very quick drop in desktop hard drive prices as Hitachi introduces its new 1TB drive.

Month of Apple Bugs

General

This initiative aims to serve as an effort to improve Mac OS X, uncovering and finding security flaws in different Apple software and third-party applications designed for this operating system. A positive side-effect, probably, will be a more concerned (security-wise) user-base and better practices from the management side of Apple. Also, we want to develop and provide tools and documented techniques to aid security research in this platform. If nothing else, we had fun working on it and hope people-with-a-brain out there will enjoy the results.

From: LMH and Kevin Finisterre

New user registration

Announcements

New user registration is now open to anyone interested. By registering with Topsight you'll be able to write and post your own stories. To register, simply go to http://www.topsight.net/users.php?mode=new and complete the required fields.

Fierce Domain Scan - DNS Name discovery

Software

From: http://ha.ckers.org

Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It's terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can miss huge chunks of networks.

First what fierce is not. Fierce is not an IP scanner, it is not a DDoS tool, it is not designed to scan the whole internet or perform any un-targeted attacks. It is meant specifically to locate likely targets both inside and outside a corporate network. Only those targets are listed. No exploitation is performed. Fierce is a reconnaissance tool. Fierce is a perl script that quickly scans domains (usually in just a few minutes, assuming no network lag) using several tactics.

See more at: http://ha.ckers.org/fierce/

A General Review of vulnerability scanners

General

From askapache.com:

A few months back I did some intense testing of all the best vulnerability scanners out there… I had a couple nix boxes hooked up, as well as some dozers, and figured I could add clients to a “once-a-week” scanning contract. So naturally, I wanted to use the scanner that was the best for my purpose.

Read more at www.askapache.com

Security flaw found in Microsoft’s Vista

Microsoft

From Financial Times:

The flaw is a symbolic blow to Microsoft, which has spent five and a half years developing Vista. The software, which was launched two years later than originally planned, is the biggest upgrade to the operating system since the release of Windows 95 and Microsoft focused heavily on improving security.

See more at: FT.com

A Cost Analysis of Windows Vista Content Protection

Microsoft

From Peter Gutmann:

Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server). This document analyses the cost involved in Vista's content protection, and the collateral damage that this incurs throughout the computer industry.

For more information see: Peter Gutmann's complete article

Finally - A Distributed Rainbow table project

Hacking

Since November the nice folks at theminouche.net & hashbreaker.com have been working on a distributed rainbow table project using BOINC (see http://boinc.berkeley.edu/). And as I found out this evening, it's up, running, and extremely efficient. The team is currently working on a set of SHA-512 tables. As with previous projects hashbreaker.com has been involved with, the resulting tables are open for public download.

For more information see:
(Theminouche.net main page)
(hashbreaker.com Project site)
Or join the Topsight.net team@hashbreaker.com


For more information on what rainbow tables are and how they're used, see our previous article on rainbow tables.