An easy way to destroy the connection Modem and Router “EIRCOM”

An amateur hacker reveals how easy it is for someone to exploit the modem and router one of the most popular Irish. Canpolat Ross shows that, by using a simple software and a few other basic steps, almost anyone can access the device and cause serious damage.
Although this technique can also work on devices from other brands, but this time Canpolat perform testing on a very popular router products from Eircom, particularly the ZyXEL P-660 type. In the test results, claiming that Ross Canpolat by utilizing some simple techniques, a hacker can change and make the administrator password, enable the local admin login, restart the device, changing the firmware engine and much more.
All the attacker needs access to the router to obtain IP addresses of victims, the task was not difficult for anyone, especially for a skilled hacker. In the case of dynamic IP, an attacker can create a special software such as DynDNS to make sure he can still access the device even when IP addresses change.
IP address of the necessary software to do the whole job. RouterPWN is software that is presented by researchers and security consultants Shmoocon Pedro Joaquin in 2012 as part of a presentation titled "A Mobile Router Exploitation Framework."
This simple application allows people to access the router in a few seconds and perform operations such as reset or unauthorized privilege escalation.
According Conpolat,: "After getting Admin access, will allow you to destroy the device (this requires a hard reset) and get a WiFi Encryption Key. Key that will allow you to reduce the network Firewall. Result will openly show others in the network who to target. By doing some NMAP Scanning and Exploitation Metasploit, you really can get into their computers and steal data. "
Eircom has been notified of this problem, but the hacker said that he also plans to make a test on a device owned by Vodafone and UP.
(Source: Beritanet.com, 2012)

Read more »

Emerson Network Power to Provide Maintenance of Emergency Government

Emerson Network Power is a company that provides software, hardware and services for data centers. The company has issued a notice recently about preventive and emergency maintenance services to help government agencies of the U.S. in maintaining business continuity through a partnership with Alliance Micro company, which is the provider of Liebert power and cooling system.

Quote from Emerson Network Power service can be obtained through a contract with the federal government offered by the General Services Administration (GSA) Federal Supply Schedule 056, the material and building services industry, which is better known as GSA 56.

Alliance Micro allows Emerson to offer preventive measures, emergency, and electric service to 56 companies GSA contract.

According to Brad Nacke, Director of the Emerson Network Power for Government Business in North America: "We are very pleased that the Alliance Micro will provide Emerson Network Power to maintain, monitor, and test the critical electric infrastructure from the service entrance switch to the rack. This will make it easier for government agencies authorized to purchase services through the manufacturer. "

Micro refers to the Alliance, the company has had good experience in providing production services and resources Liebert air conditioning systems for data center and network applications, and now we can enhance their offerings to include project management and other services.

Through collaboration with the Alliance Micro, Emerson Network Power is able to offer customers a broader portfolio with professional services including testing and maintenance services of electrical, site acceptance testing, electrical engineering services and preventive maintenance services.
(Source: Beritanet.com)

Read more »

Apache Release, Apache HTTP Server 2.2.22

Apache Software Foundation and Apache HTTP Server Project have announced the release of version 2.2.22 of the Apache HTTP Server ("Apache"). Apache HTTP Project considers this release to be the best version of Apache available and encourage all current users of previous versions to upgrade immediately.
According to records, the major release version of Apache is security and bug fixes, including a significant security improvements following:
* SECURITY: CVE-2011-3368 (cve.mitre.org): Reject the request if the request-URI (uniform resource identifier) ​​is not in accordance with the HTTP specification, to prevent an unexpected expansion in the target URL (Uniform Resource Locator) in a reverse proxy configuration .
* SECURITY: CVE-2011-3607 (cve.mitre.org): Fix integer overflow in ap_pregsub (), which when activated mod_setenvif module, may allow local users to get right through. Htaccess file.
* SECURITY: CVE-2011-4317 (cve.mitre.org): Complete the additional cases "rewrite" the URL RewriteRule ProxyPassMatch or where the request-specific URIs may result in exposure to unwanted backend network in some configurations.
* SECURITY: CVE-2012-0021 (cve.mitre.org): mod_log_config: to fix segfault (crash) when the log format string '% {cookiename} C' is being used and the client sends a nameless, valueless cookies, which can cause denial of service (DOS: Denial of Service). This problem existed since version 2.2.17.
* SECURITY: CVE-2012-0031 (cve.mitre.org): Fix the problem of "scoreboard" (scoreboard issue) that could allow an unprivileged process (unprivileged child process) that could cause crashes when doing a shutdown.
* SECURITY: CVE-2012-0053 (cve.mitre.org): Addressing the issue in response to errors that could expose cookies "httpOnly" when no custom ErrorDocument specified for status code 400.
Apache HTTP project can be realized thanks to halfdog, Context Information Security Ltd, Prutha Parikh of Qualys, and Norman Hippert to bring this issue to the attention of the security team.
This release includes the Apache Portable Runtime (APR) version 1.4.5 and the APR Utility Library (April-util) version 1.4.2, bundled with the distribution of RAR and ZIP. The APR libraries libapr and libaprutil (on Win32, libapriconv version 1.2.1) should all be updated to ensure binary compatibility and address security and bug known to many platforms.
When upgrading or installing a version of Apache, please keep in mind that if you intend to use Apache with one of the threaded MPMs (other than prefork MPM), you must ensure that any modules you will use and safe use of libraries (thread-safe).
(Source: Beritanet.com, 2012)

Read more »

Google has paid $ 300,000 for the vulnerability in Chrome, including the Chrome OS

Google celebrates two years since he began offering cash prizes for reporting security vulnerabilities in Chrome and related technologies. During that time, Google has paid hundreds of thousands of dollars to researchers who have helped to reveal vulnerabilities in its products.
Currently, Google is developing a program to include issues of Chrome OS as well as introducing some "bonus" for new ones that give some solutions to the vulnerabilities that they find.
Chris Evans, Google Chrome Security, wrote: "We have issued more than $ 300,000 [€ 226,000] as a token of appreciation for the hundreds of bugs in all of them qualify, and we immediately corrected. It also helped inspire a wave of similar efforts from companies all over the web. "
"We have been fascinated by the variety and ingenuity of bugs delivered by dozens of researchers. We've received a bug around each component, ranging from system software (Windows kernel / Mac OS X graphics library / GNU libc) for Chromium / WebKit code and to the library popular open source (libxml, ffmpeg), "he explained.
Google has paid for serious security bugs in Chrome, different amounts depending on their severity. So far, that is only for the desktop version, but Google as well, is developing a program for the Chrome OS for the parts not covered by existing programs.
Chrome OS may be too small to attract the attention of attackers and vulnerabilities have been able to largely overcome by improvements in Chrome. But there are certain components that are now covered by the awards program as a bug in the Linux kernel used in the Chrome OS.
Guarantee / awards also include the issue on the pepper version of the Flash Player plugin and a bug in the default application or extension, in essence, this is related to any vulnerability on one of the default component of the Chrome OS.
Google is not the first to pay for research on security vulnerabilities, but the program from google is one of the largest and most successful and has been adopted by other companies, including Mozilla.
(Source: Beritanet.com, 2012)

Read more »

Operating System Garuda Version 1.1.5

Garuda System Operating System version 1.1.5 comes with an application program which is helpful in the office, internet, multimedia, education, aid programs, and games.
Multimedia:

    GIMP - bitmap image editor (Adobe Photoshop replacement)
    Inkscape - a vector image editor (CorelDraw substitute)
    Blender - 3D Animation
    Synfig, Pencil - 2D animation
    XBMC - multimedia studio
    KSnapshot - capture the screen image
    Digikam - digital photo manager
    Gwenview - Client Photo Viewing
    Amarok - audio player + Internet radio
    Kaffeine - the video / movie player
    TVtime - television viewer
    Audacity - audio editor
    Cinelerra, Avidemux - a video editor
    and others ...
Education:

    Mathematics - algebra, geometry, plotter, fractional
    Languages ​​- English, Japanese, a language game
    Geography - atlas of the world, a planetarium, a quiz
    Chemistry - Periodic Table
    Logic Programming
Program Helps:

    Ark - file compression program (Winzip replacement, WinRar)
    K3b - burning CD / DVD (Nero replacement)
    Dolphin - file manager
    Cairo Dock - Mac OS dock menu
    Compiz Fusion + Emerald
    + Windows DOS emulator
    and others ...
Game:

    3D Game Maker
    Mahjong, Tetris, Rubik, Billiards, Pinball, blockout, Sudoku, Reversi
    Solitaire, Heart, Domino, Poker, Backgammon, Chess, Scrabble
    Frozen Bubble, Flight Simulator, Tron, Karaoke
    City Simulation, Fighter, Doom, Racing, FPS Tremulous
    DJL, Play on Linux, Autodownloader - game manager / downloader
(Source: Beritanet.com, 2012)

Read more »

Excess Blacberry and Android

Excess Blackberry:
1. A. Has a very comfortable keyboard.
2. BlackBerry Messenger or BBM. BlackBerry Messenger is one of the magnet which is owned by the Blackberry mobile phone. With the fuel we can chat, send pictures, website links, etc. with other BlackBerry users whenever we want. Advantages compared to ordinary chatting is that we will get a notification every time a new message that is sent to us even though we're not using fuel applications, or in other words we are always active status.
3. BlackBerry has LED lights that will inform you when there is incoming email. It's a trivial thing, but several people, including those I love lamp.
4. At weak signal conditions, BlackBerry is still relatively smooth to receive notifications such as email, instant messaging (instant Messenger), etc., so it can be relied upon for business people who need information quickly and accurately.

 
Excess Android:
A. Mobile Android is not made by one manufacturer. You can find
2. Availability of Applications and Games are enormous. At any Android phones in general have been installed Google applications Market. And the best part is, most of the application or game is free.
3. Accelerometer sensor. With accelerometer sensor, your Android phone screen will change automatically when the display position of the state of mobile phone horizontal to vertical position or vice versa.
4. Freedom of customization. Android phone has a display interface (interface) is interesting and you can be free to change the look of your Android phone.
5. Integration with Google products. When you first use the Android mobile phone, you will be prompted to sign in or log in with your Google Account. If it does not have it, you can register for free.
6. Supports push email for Gmail and Yahoo mail. Incoming mail will be forwarded directly to the phone and you will receive instant notification when there is incoming email and can be directly read and download the attachment if there is, just as if you are receiving.
7. SMS.Pilihan diverse internet browser. If you do not like the HP default Android browser, you can easily download another browser. (Source: Beritanet.com, 2012)

Read more »