Adobe has upgraded its Flash Player to fix seven vulnerabilities in the graphics and video software widely used for interactive Web pages and banner advertisements.

Adobe classifies the patches as “critical” and advises people upgrade to the latest version, 9.0.124.0. All of the vulnerabilities could allow a hacker to execute code on a machine.

One of the vulnerabilities allowed Shane Macaulay to win a laptop in the PWN 2 OWN hacking contest at last month’s CanSecWest conference in Vancouver.

Macaulay, a researcher with the Security Objectives consultancy, used the Flash flaw to break into a machine running Windows Vista. He later said 90 percent of computers worldwide were vulnerable.

Exploiting vulnerabilities in Flash software has become an increasingly popular vector for hackers to compromise machines for two reasons. Most Web browsers have the Flash Player installed, and malicious banner advertisements — which can achieve wide distribution on Web sites pulling ads from a network — can take advantage of those vulnerabilities.

“These vulnerabilities could be accessed through content delivered from a remote location via the user’s web browser, e-mail client, or other applications that include or reference the Flash Player,” Adobe wrote in its advisory.

If a malicious banner advertisement is widely distributed, a hacker has the potential to take control of many PCs. Lately, these “malvertisements” have been popping up everywhere, wrote Sandi Hardmeier, a Microsoft Most Valued Professional and security blogger.

Read more @ News.Yahoo.com

Сцуки, бл%нах!.. но пикчур все таки нарисовал.. гх..

- - -

Spammers, fresh from the success of cracking the Windows Live captcha used by Hotmail, have broken the equivalent system at Gmail.

Internet security firm Websense reports that miscreants have created bots which are capable of signing up and creating random Gmail accounts for spamming purposes, defeating Captcha-based defences in the process. It reckons the same group of spammers are behind both attacks.

Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) challenge-response systems, which are used to prevent accounts being created until a user correctly identifies letters in an image, are designed to ensure requests are made by a human rather than an automated program. The technique has been used to defeat automatic sign-ups to email accounts by services including Yahoo! Mail and Gmail for years, and hackers are increasingly successful in defeating the approach. For example, the HotLan Trojan has created more than 500,000 spam email accounts with Hotmail, Yahoo! and Gmail since its arrival back in July 2007.

Websense reckons the latest Gmail Captcha hack is the most sophisticated it has seen to date. Unlike Live Mail Captcha breaking, which involved just one zombie host doing the entire job, the Gmail breaking process involves two compromised hosts. Each of the two compromised hosts applies a slightly different technique to analysing Captcha, as explained in a posting by Websense.

Even using the two techniques, only one in every five Captcha-breaking requests are successful. It’s a fairly low percentage, but one that’s still more than workable in the case of automated attacks.

It sounds like a lot of effort, but gaining a working Gmail account has a number of advantages for spammers. As well as gaining access to Google’s services in general, spammers gain a address whose domain is highly unlikely to be blacklisted, helping them defeat one aspect of anti-spam defences. Gmail also has the benefit of being free to use.

A wide range of Captcha-breaking services are hosted on a domain located in the US, Websense reports. The page includes a support page and payment advice along with an internal test page.

© theregister.co.uk

A teenage boy who hacked into a Polish tram system used it like “a giant train set”, causing chaos and derailing four vehicles.

The 14-year-old, described by his teachers as a model pupil and an electronics “genius”, adapted a television remote control so it could change track points in the city of Lodz.

The boy, described as a ‘genius’and some of the equipment he used.

 
Twelve people were injured in one derailment, and the boy is suspected of having been involved in several similar incidents.

The teenager, who was not named by police, told them he had changed the points for a prank.

A police statement said he had trespassed at tram depots in the city to gather information and the equipment needed to build the infra-red device.

“Questioned by police in the presence of a psychologist, the teenager testified he switched tram tracks three times, once causing a tram to jump the tracks,” said the statement. A search at the boy’s home turned up the device he had used to switch tram tracks.

Miroslaw Micor, a spokesman for Lodz police, said: “He studied the trams and the tracks for a long time and then built a device that looked like a TV remote control and used it to manoeuvre the trams and the tracks.

“He had converted the television control into a device capable of controlling all the junctions on the line and wrote in the pages of a school exercise book where the best junctions were to move trams around and what signals to change.

“He treated it like any other schoolboy might a giant train set, but it was lucky nobody was killed. Four trams were derailed, and others had to make emergency stops that left passengers hurt. He clearly did not think about the consequences of his actions.”

The first sign of the chaos came on Tuesday afternoon, when a city tram driver tried to steer his vehicle to the right, but found himself helpless to stop it swerving to the left instead.

The rear wagon then swung off the rails and crashed into another passing tram, hurling screaming passengers to the floor.

Transport employees were reported as saying that they knew immediately that someone outside their staff had caused the accident.

The boy will face a special juvenile court on charges of endangering public safety, police said.

The incident is the latest in which “hackers” - many of them young computer experts - have broken into computer systems.

A 20-year-old was questioned in New Zealand last year suspected of writing programs for an internet “spyware” scam targeting several hundred thousand bank accounts.

In 1999, a group of hackers used home computers to break into the systems controlling Skynet, a British military satellite, and changed secure settings.

A report by the US Federal Aviation Administration this week raised concerns that a passenger aboard the new Boeing 787 “Dreamliner” aircraft might be able to hack into the aircraft’s systems via its internet connection.

© Telegraph.co.uk

Пришли, нахакали и ушли )))

Пока пользователь думает, что он загружает в браузере один из привычных сайтов, хакер тем временем получает доступ к его iPhone и ко всем его функциям и содержимому, начиная с адресной книги и заканчивая возможностью записи аудио происходящего возле iPhone.

 
Статья на английском: iPhone Vulnerability Discovered (Cybernetnews.com) или www.exploitingiphone.com.