The folks over at Hulu Labs have been busy it seems, as they have just released a version of their desktop client for Linux. Windows and OSX versions of the desktop client have been out for some time now, but Linux has been left in the dark. Functionality wise, it operates and plays videos identically to its counterparts. The Linux version can also be controlled via an IR remote. We certainly are excited to add this to our entertainment systems. The release is a bit of a surprise, but a welcome change to the usual treatment of Linux, and it’s nice to see the mainstream start to recognize it. Plus, this is just more ammunition for getting rid of those monthly cable/satellite subscriptions.
The guys over at Xmarks are working hard to bring their bookmark synchronization service to all browsers and platforms. They’ve recently begun a closed alpha test for their Google Chrome/Chromium extension. We got an invite and decided to give it a test run. Since extensions aren’t yet fully supported, and still a bit buggy you’ll need to use the latest build in the dev channel of Chrome, which means at least version 220.127.116.11 or newer. We tested it on version 18.104.22.168 for Ubuntu with great success. The extension is still pretty basic since it’s still at an alpha stage, but works very well with synchronizing bookmarks across different platforms and browsers. Some of the things left out from the Firefox version are profiles, smarter search, site info and suggested tags. For an alpha release, it’s very well done and functions great, and we’re certainly looking forward to this extension as it develops further.
SecurityTube is a site which has recently caught our attention. The site has quite a variety of videos from various sources related to security and hacking. Videos range from DEFCON talks, to documentaries, step by step how tos, and even proof of concept vulnerability videos. It’s certainly a great resource for anyone looking for something a bit more involved then a plain text writeup, and offers a way for you to catch those hacker conference talks you missed. Many of the videos come with a bit of a background information as well, so it’s far more informative then your regular YouTube videos. This site is certainly going to become a very valuable resource for many people, and is certainly a great way to kill an afternoon while still learning something.
Ars technica is reporting on the ruling from the FTC about the software shenanigans of Kmart and Sears. The marketing geniuses behind the parent company of Sears and Kmart decided they needed more information about the users of their website. Their solution? Offering $10 to users who install their custom software which phones home with data on just about everything they do on their computer. Not content with just browsing habits of webites, the software apparently recorded everything the user did online, including secure sessions. Under the settlement (PDF) with the FTC, Sears says they will stop collecting data and promises to destroy any and all information they’ve collected so far. Selling what websites you’ve been to, how much money you have, which prescriptions you take and what products you’re interested in for the low low price of $10 seems like a bargain.
As far as password recovery utilities go, Cain & Abel is by far one of the best out there. It’s designed to run on Microsoft Windows 2000/XP/Vista but has methods to recover passwords for other systems. It is able to find passwords in the local cache, decode scrambled passwords, find wireless network keys or use brute-force and dictionary attacks. For recovering passwords on other systems Cain & Abel has the ability to sniff the local network for passwords transmitted via HTTP/HTTPS, POP3, IMAP, SMTP and much more. We think it is quite possibly one of the best utilities to have as a system administrator, and definitely a must have for your toolbox.
Mozilla released the latest alpha version of their new mobile browser Fennec for Windows Mobile. It brings many new features and fixes, such as improved startup time and a caching system to help scrolling on a page. They have also added support for a wider range of screen resolutions, and for those of us running an HTC Touch Pro support for zoom via the directional pad has been included in this release. Being an alpha release, it’s still a bit on the buggy side, but is very a promising browser for mobile phones. The final release should give other browsers a run for their money.
The National Credit Union Administration is warning all Credit Unions about malicious hackers and a low tech attack by mailing branches CDs with malware on them.
Using a somewhat dated but still effective Social Engineering attack, a package designed to look as though it was mailed by the NCUA is sent to the branch. The package contains CDs with the attacker’s malware on it, and an accompanying letter (PDF) which informs the branches, ironically, about phishing scams. The letter directs the personnel to review the “training material” on the enclosed CD. Once branch employees proceed as directed, the malware is executed and gives the attackers access to the branch computer systems. Credit Unions seem to be targeted because they tend to be smaller local associations rather then larger banks with higher budgets for computer security.
When people think computer security, they usually envision high tech systems comprising of long passwords, expensive hardware, and updating software with the latest security patches. However, as famed social engineer and hacker Kevin Mitnick once said, “There is no patch for stupidity”.
[via threat post]