Welcome to HellBound Hackers. The hands-on approach to computer security.
Learn how hackers break in, and how to keep them out.
Please register to benefit from extra features and our simulated security challenges.

UPDATE:
The old domain (storm.psych0tik.net) is back up and running again.

The IRC has been temporarily moved to rogue.samurainet.info on port 6697. Don't forget to enable ssl.

-ynori7

Basic 24 is now back online thanks to only_samurai.

The RSS link has now been moved to the top left corner of the main page.

Also, the HBH IRC channel has been moved to a new location. It can now be found at storm.psych0tik.net on port 6697. Remember to enable ssl. More information about the IRC can be found here.

-ynori7

We've got another exciting competition here at HBH hosted by Futility. The purpose is to take a given image and use it to create an interesting and unique signature. The winners will be given challenge points in the following distribution:

1st place - 75 points
2nd place - 50 points
3rd place - 25 points

For more information, visit this thread.

UPDATE:
Competition over; ended with a crazy tie. Here's the results:
In first:
#3 Created By: KvK

In second:
#1 Created By: Bl4ckC4t
#7 Created By: Yours31f
#13 Created By: t7r0n3
#15 Created By: tbaybucs

In third:
#6 Created By: MoshBat
#10 Created By: Monster
#17 Created By: ynori7
#4 Created By: KvK

~ynori7

That's right folks, we have another competition going on. This one is a python optimizing challenge and is hosted by our friend ynori7.

The competition details can be found here: Python

Let's get your minds in gear and get those submission in!

UPDATE:
Well the competition has ended and the winners have been announced!
The results are in the forums in case you didn't catch it, The results are:

1st Place: stdio
2nd Place: otani
3rd Place: just a panda

Thanks to ynori7 for taking the time to host the challenge and thanks to all who competed.

Korg

Prominent users of Apple's new iPad 3G, including military and government officials as well as media personalities and celebrities, had their e-mail addresses hacked by a group that shared its findings with online publication Valleywag to point out security flaws in AT&T's Web servers.

"We began poring through the 114,067 entries and were stunned at the names we found," Valleywag said on its site. Among the iPad users whose e-mail addresses were shared: ABC news anchor Diane Sawyer, White House chief of staff Rahm Emanuel and New York City Mayor Michael Bloomberg.

The iPad 3G went on sale April 30 in the United States. It uses either Wi-Fi or AT&T's 3G cellular service to connect to the Internet for Web surfing and e-mail. A Wi-Fi only iPad was offered first, in early April. So far, Apple has sold more than 2 million iPads, the company has said. There was no comment from Apple, which earlier this week introduced its next-generation iPhone.

Google has introduced a new Web indexing system to provide users with more up-to-date search results, the company said Tuesday.

The new system, called Caffeine, delivers results that are closer to "live" than Google's previous system, the company said.

Previously, Google would crawl a fraction of the Web each night, index it and push it out in its results. With Caffeine, as Google crawls the Web and finds new information, it indexes it immediately. "We process it immediately so we can serve it seconds later," said Matt Cutts, the head of Google's webspam team. He unveiled the news at the Search Marketing Expo in Seattle.

When Google started, it would update its index only every four months, he said. Around 2000, it started indexing every month in a process that took a week to 10 days. "The funny thing is, we didn't have enough capacity to update all our data centers at once," he said. That meant that people might get different results when searching for the same term if they were hitting different Google data centers.

Microsoft patched 34 vulnerabilities in Windows, Office and Internet Explorer (IE), including an IE8 bug used by a Dutch security researcher in March to win $10,000 at the Pwn2Own contest.

The update was the largest from Microsoft so far this year.

Today's patch for IE8 was the last of those used to hack three browsers -- Mozilla's Firefox and Apple's Safari as well as IE -- at the March challenge. Mozilla patched Firefox April 1, eight days after the contest, while Apple fixed its flaw on April 14, 21 days post-Pwn2Own. This year, both Mozilla and Apple beat the time it took them to patch the vulnerabilities used in 2009's edition of Pwn2Own.

Microsoft essentially matched its patch speed of last year, when it also fixed 2009's Pwn2Own flaw with a June update.

"Actually, that's a pretty quick turn-around," said Aaron Portnoy, security research team lead with HP TippingPoint's Zero Day Initiative (ZDI) bug-bounty program. TippingPoint and ZDI sponsored this year's Pwn2Own, as it did the three years prior.

A national public competition has begun to find people with a talent for keeping computers and networks secure.

The competition aims to find those with relevant analytical, forensic and programming skills using web-based games and challenges.

Without more computer security experts the UK will not be equipped to handle rising cyber crime, say professionals.

The challenge hopes to encourage many of those that complete the games to take up a career in computer security.

Read More...

Microsoft is trying to help midsize business keep their PCs in tune.

On Monday, the software maker is set to launch a beta for Windows Intune, a service that uses the cloud to offer management, patching, and antivirus capabilities for a company's PCs. When it launches in final form, the Intune service will also include upgrade rights for a company to move its PCs to the enterprise edition of Windows 7. It will also include the Microsoft Desktop Optimization Pack, a collection of asset management, virtualization, and other services that typically are only available for large businesses that have a Software Assurance contract with Microsoft.

Sandrine Skinner, a director in Microsoft's Windows unit, said that Windows Intune is aimed at companies that have up to 500 PCs that are looking to manage their machines with just a small IT staff.

"They aspire to have enterprise-class infrastructure, but don't necessarily have the means," she said.

One of the key features of the service is its ability to schedule and manage updates of Windows and other Microsoft software, a capability that in the past required Windows Server Update Services or another management tool.

A start-up has plans to turn the traditional approach to blade servers on its ear, and it's not just smoke and mirrors. But it is light and mirrors.

For the past seven years, Lightfleet has been working on a technology that employs light signals to replace the cabling and switches typically used to connect various server nodes in a blade server. And as of December, it had delivered its first unit--to Microsoft's Research's labs.

Lightfleet's first product is code-named Beacon, a 32-node server that uses dual-core Intel processors along with standard off-the-shelf disks, memory, and storage all in a package that stands about 16 inches tall on a server rack (9U in server speak).

What's different is the way each node talks to the others, the so-called interconnections within the server. Although not typically the sexiest part of computing, the interconnections in a server blade play a critically important part in determining not just how fast it that server runs, but also how much power the whole data center uses and how much heat it throws off.

Mozilla yesterday confirmed a critical vulnerability in the newest version of Firefox, and said it would plug the hole by the end of the month.

Although the patch won't be added to Firefox before next week's Pwn2Own browser hacking challenge, researchers won't be allowed to use the flaw, according to the contest's organizer.

"The vulnerability was determined to be critical and could result in remote code execution by an attacker," Mozilla acknowledged in a post to its security blog late Thursday. "The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix."

Firefox 3.6, which Mozilla launched in January, is affected, Mozilla said, adding that it would be patched in version 3.6.2, currently slated to ship on March 30.