Some of Japanese phases..!

ohisashiburi desu
It's been a long time since we met.

dou shita no
what happened?

kura desu ka?
How much is it?

Google Summer of Code: Where are the students?

Google Summer of Code is truly a global program. For this year’s program we received 5,651 applications from 3,731 students in 97 countries.

google accepted 1,115 students from 68 countries. The ten countries with the highest number of accepted students are represented in the pie chart below.

China shuts down cracker website

The Chinese authorities have shut down what they describe as the biggest training website for hackers in China. The China Daily newspaper on Monday reported that three of the people behind the "Black Hawk Safety Net" site have been arrested. The group is said to have offered software and assistance for cracker attacks over the web. Since 2005, the website has acquired 12,000 members, paying out 7 million yuan (approximately £650,000) in membership fees. According to China Daily, 170,000 users were registered with the site.

The police began investigating the site in 2007, when a number of Black Hawk members were connected to an attack on the municipality of Macheng in Hubei province. News of the shutdown comes against the backdrop of a dispute with the USA over an attack on US internet giant Google. Google claims that the attacks originated in China. The Beijing government has rejected the allegations, stating that it is itself the biggest victim of online attacks and takes stern measures against crackers.

China Daily quotes a 23-year old Black Hawk member as saying, "I could download trojan programs from the site which allowed me to control other people's computers." Courses cost between 100 and 2000 yuan (approximately £9 and £187). "I did this just for fun but I also know that many other members could make a fortune by attacking other people's accounts." In Chinese press reports the talk has largely been of attacks on private access data for games and other entertainment websites and on e-mail and chat rooms. A 20-year old student told China Daily, "Basically students were told how to steal accounts and use trojan programs."

Hacker extracts crypto key from TPM chip

An American hacker has, with a great deal of effort, managed to crack a Trusted Platform Module (TPM) by Infineon. He was able to read the data stored on the TPM chip, for instance cryptographic keys (RSA, DES) such as those also used by Microsoft's BitLocker on appropriate motherboards.

TPM hardware incorporates various levels of logical as well as physical measures designed to counter a range of attacks, such as differential electromagnetic analyses (DEMA) and even physical intrusions. Once the keys are retrieved, however, an attacker can read the encrypted data stored on a hard disk without needing a password.

Previously known as the smart card hacker, Christopher Tarnovsky of Flylogic Engineering has presented his work at the Black Hat DC security conference. He apparently managed to suss out a processor in the "SLE 66CLX360PE" family used in the TPM. For this purpose, he extracted the actual chip from the housing in his special lab using various procedures that involved liquids and gases (a video about this is available online).
He then worked his way through the different layers of the chip using, for instance, a Focused Ion Beam microscope and Photoshop to figure out the chip's structure and find a way into the heart of the TPM.

Subsequently, he analysed the on-chip signalling pathways to obtain access to the processor's data bus. This took Tarnovsky the better part of six months and numerous TPM chips. However, retrieving the license key of an XBox 360, which also contains Infineon's TPM, apparently only required an additional six hours.
While Tarnovsky says that Infineon has so far said such attacks just weren't feasible, Peter Laackmann, Infineon's Senior Principal for Chip Cards & Product Security, in an interview with The H's associates at heise Security, denied this is the case.

The executive said that Infineon does not rule out the possibility of successful attacks. Laackmann said that TPM chips are not uncrackable and are not advertised as such. The potential for such an attack was already evident in an earlier evaluation phase and had apparently been carried out successfully by company researchers, quite some time ago.

However, one mustn't neglect the effort involved in such an attack, said Laackmann, adding that even Tarnovsky himself admits that the necessary steps aren't easy to reproduce and require a considerable amount of special equipment. According to Tarnovsky, the required lab equipment represents an investment of about $200,000.
Laackmann also said that the product family has become obsolete, and that the cracked processor was only intended for smart cards. There is a new generation of TPM chips based on the SLE78 family, which apparently offers not only further physical anti-intrusion measures, but also additional cryptographic features. In these chips, recording data bus traffic after breaking into the housing is said to be ineffective because the data is encrypted. Infineon's Integrity Guard concept is designed to avoid the transmission and processing of plain text data altogether. However, so far, few devices incorporate these new chips.

The hack's potential consequences for the many TPM-protected systems in corporate environments, for instance, are difficult to predict. One can hardly assume that criminals will reproduce such attacks on a practical level in the medium term. However, intelligence agencies could use the technology in targeted attacks – perhaps they are doing so already. Tarnovsky does not intend to publish the details of his approach – but he is also a business man. He plans to test the security of other vendors' TPMs in the near future.

David Litchfield

David Litchfield is recognized as one of the world's leading authorities on database security. He is the author of Oracle Forensics, the Oracle Hacker's Handbook, the Database Hacker's Handbook and SQL Server Security and is the co-author of the Shellcoder's Handbook. He is a regular speaker at a number of computer security conferences and has delivered lectures to the National Security Agency, the UK's Security Service, GCHQ and the Bundesamt für Sicherheit in der Informationstechnik in Germany. David is a CHECK team leader and holds SC clearance.
In 2003 David was voted as the "Best Bug Hunter" by Information Security Magazine. He has found and help to fix 24 security flaws in SQL Server, including the vulnerability that was exploited by Slammer, 17 in IBM's DB2, 22 in Informix and over 100 in Oracle. In February 2008 David discovered a new class of vulnerability in Oracle that can lead to "Lateral SQL Injection" and, in the November of 2006, another new class of vulnerability in the same RDBMS that can lead to "cursor snarfing" attacks. Both are general programming flaws, that can lead to data compromise. David pioneered major advancements in Oracle forensics and has authored 6 technical papers since March 2007 on the topic.

David is Chief Research Scientist at NGSSoftware, a UK computer security services and software company he founded in 2001. NGSSoftware was acquired by NCC Group in November 2008. In 2007 NGSSoftware was awarded the Queen's Award for Enterprise, and was listed as one of the UK's fasted growing tech companies by both Deloitte and the Sunday Times. NGSSoftware was winner in the Best Security Company category in the 2008 European SC Magazine Awards and runner up in 2007. Previously David was Director of Research at @stake after his first company, Cerberus Information Security, was acquired in July 2000.
In May, David was named the "Entrepreneur of the Year" at the South London Business Awards 2008.
Prior to starting a career in computer security David competed as a track and field athlete for Scotland. He was the Scottish Under 20 Champion for both the long jump and decathlon and is the holder of the Scottish Schools Indoor record for long jump.
Source: http://www.davidlitchfield.com

Report: Google to work with NSA over cyberattacks

According to a report from The Washington Post, following the recent massive cyber attacks originating in China, Google will be working with the United States National Security Agency (NSA). Under the agreement, which has yet to be finalised, the NSA will help Google analyse the information gathered from the recent attacks and will help to investigate and defend against future attacks on the company's networks. The report goes on to say that "the deal does not mean the NSA will be viewing users' searches or e-mail accounts, or that Google will be sharing proprietary data". Neither Google, nor the NSA have confirmed theWashington Post report.

Google had announced in mid-January that hackers based in China had attempted to gain access to the email accounts of several Chinese human rights activists and had stolen important source code that could potentially allow access to other data. Following the attacks, the company said that it was no longer prepared to bow to Chinese censorship, that it is considering withdrawal from the world's largest and fastest-growing internet market and closing down Google.cn and its Chinese office. Google has already received the backing of the US government, however, China has denied any involvement in the attacks.
Created by President Truman in November of 1952, the NSA is the largest intelligence service in the US. Approximately 120,000 soldiers and civilians from around the world work for the agency. In 2005, it was revealed that the NSA had been tapping the telephones of its own citizens.

Microsoft confirms new vulnerability in Internet Explorer

Microsoft has confirmed the existence of a security vulnerability revealed at the Black Hat DC security conference on Tuesday and itself issued a warning. The vulnerability allows a crafted website to access and read the content of arbitrary files on a PC. Although an attacker needs to know the specific path and file name, for a standard Windows installation these are usually known default paths.
All versions of Internet Explorer from 5.01 to 8 on all supported Windows platforms are reportedly affected. Windows XP Home users, however, appear to be unaffected by the problem, as XP Home does not include a hidden C$ administrative share for websites to access. For Internet Explorer 7 and 8 running under Windows 7, Vista or Server 2003/2008, the vulnerability cannot be exploited as long as protected mode is activated in the browser (as it is by default).
Microsoft has said that it is looking into how it can solve the problem. However, solving it is not going to be straightforward, as Jorge Luis Alvarez Medina of Core Security Technologies, who discovered the vulnerability, has repeatedly stressed. The crux of the problem is that security zone settings in Internet Explorer do not always bite if a path is entered in the browser in UNC (Uniform Naming Convention) format (e.g. file://127.0.0.1/C$/.../index.dat). This means that under specific conditions JavaScript from the Internet Zone can access (and render) local files, despite the zone model being intended to prevent this.
Core Security reported two similar cross-domain vulnerabilities to Microsoft in 2008 and 2009, for which Microsoft released updates. However, until now, Microsoft has always merely patched things up, without addressing the actual core problem. As a result Medina has been able to discover a new means of reading local files. To overcome the hurdles set up by Microsoft, he takes advantage of a bug in the way the MIME type of local files is determined and a weakness when processing OBJECT tags.

As an interim solution, Microsoft has released a downloadable fix-it tool which disables the Internet Explorer file protocol. This could, however, cause problems for some other applications.