Since November the nice folks at theminouche.net & hashbreaker.com have been working on a distributed rainbowtable project using BOINC (see http://boinc.berkeley.edu/). And as I found out this evening - it's up, running, and extremely efficient. The team is currently working on a set of sha512 tables.As with previous projects hashbreaker.com has been involved with the resulting tables are open for public download.

For more information see:
(Theminouche.net main page)
(hashbreaker.com Project site)
Or join the Topsight.net team@hashbreaker.com

---

For more information on what rainbowtables are and how they're used see our previous article on rainbowtables

Shahar Prish has released a new tool for those with series 2 tivo's connected to there home network. The tool effectively strips the builtin password protection / "Codec" that tivo uses and spits out a clean mpeg 2 file.

Although the tool only runs in windows, it effectively opens the door to watching tivo recordings on your mac or linux box by running the tool in vmware or virtual pc.

see link below for more info.
http://prish.com/eTivo/

News Source:- http://cities.expressindia.com/fullstory.php?newsid=130813

Neeraj Pattath is one of an elite group of youngsters bringing cops up-to-date about cyber crime

Mumbai, May 24: NEERAJ Pattath (17) is quite the average teenager. He’s appeared for his SSC exams. He hates maths. He loves surfing the Net.

There’s just one major difference. For the last three months, Pattath has been helping teach policemen how to detect and solve cyber crimes at Worli’s Mumbai Cyber Lab. A joint venture by the National Association of Software and Service Companies (Nasscom) and the Mumbai Police, the lab was initially meant exclusively for city police officers.

Weethet.nl has an interestong tutorial on how to mod Tivo Series 2 digal video recorders (DVR). The mod reportedly allows you to transfer the shows Tivo Records to your home computer. It also enables various other features including USB, wifi, home networking support, and allows you to telnet and ftp into your tivo box from your home network.

For full instructions see www.weethet.nl

The Hackademy starts an international hacker magazine

Paris, France - April 29, 2004 -- Created in France two years ago by a group of hackers, The Hackademy Journal, first printed magazine for French-speaking "White Hat" hackers, is now available in English language.

With a high technical level (full contents on the web site), this international publication is intended for a professional audience of computer users, programmers, system and network administrators, security specialists, etc. who wish to know, from a hacker viewpoint, what are the latest attacks and protection techniques.

"The Hackademy Journal [International Premium Edition]" is published quarterly and is available by subscription worldwide.

My local college is working to implement a new voice over IP system. The system uses HP switches to route all VOIP traffic over a separate VLAN then normal network traffic for both security and compatibility. But what I’ve realized is that like IPV4 VLANS work by reading tags that are attached to each packet by the switch and like IPV4 source addressing these tags can be easily spoofed. Switches that support VLANS typically have trunking ports that have access to all VLANS for the purpose of routing traffic to other switches. With older switches the default policy was to set so that all ports could potentially be set to trunking mode which means that any system on VLAN 1 could access traffic on VLAN 2 so long as the proper tags were attached this means that an attacking host could potentially reroute and sniff traffic on different VLAN using ARP attacks (but we won’t get into that)(Once VOIP traffic can be sniffed, an attacker could listen in on any call occurring within the realm of the switch using freely available software). So what if the switch is setup so that user ports strip VLAN tagging? Well according to @stake research paid for by Cisco it is possible to double tag or encapsulate data or packets sent over the switch so that once again the user port functions like a trunking port once again negating all VLAN security. See below reference links for a better explanation.

References

Cisco - Layer 2 -- The Weakest Link
Ethernet: Layer 2 Security
Routing & Tunneling Protocol Attacks
Hacking Layer 2: Fun with Ethernet Switches

A new proof of concept was released that details how to crash IE 5 with a simple bitmap image. It's unclear as to the severity of the flaw which involes using a signed integer for an offset. See read more for original post.

Reuters reported today that Adrian Lamo has turned himself in for hacking into a New York Times database. Because Adrian turned himself in, he received a plea bargain from the FBI which will land him only a year and a half behind bars. Amazingly, Adrian claims that he only used his access to run searches on LexisNexis which is a news and information service that charges a fee for use. The amazingly funny part of this entire story is that Adrian could have used the exact same LexisNexis service at his local or college library legally and without fee.

Update
I've found anouther version of the exploit with similar code, by bkbll
http://www.cnhonker.com
modified the code from oc192 Security, the updated code is attached to the end of the end of this article.

Much publicity has been given to the recent discovery of the new buffer overflows in microsofts RPC/DCOM protocol. So for those of you interested, you can view the actual exploit code discovered by the Xfocus team(http://www.xfocus.net/), (http://www.k-otik.com/exploits/07.21.win2kdos.c.php).

Click read more to see the source of the new exploit.

Jeffrey Parson, the media described over-weight, in-secure, “troubled” youth that we’ve all been hearing about for the last week or so may be none of what he’s been described (except for the over weight part, Jeff we’ve seen your picture). According to a recent MSNBC article and interview , Parsons doesn’t understand were these allegation came from. According to Parsons, he’s not a misfit, a maniac driver, a drug addict, or a “troubled youth”. The truth is, is that Jeffrey Parsons is an overweight computer geek who made changes to some one else malicious work, and re-released it. Lets think logically, whose to say the seven thousand computers that the Parsons worm/variant infected wouldn’t have been infected by the original blaster worm any way? Unfortunately for Jeffrey Parsons he'll forever be the face associated with the Blaster Worm.