Welcome to HellBound Hackers. The hands-on approach to computer security.
Learn how hackers break in, and how to keep them out.
Please register to benefit from extra features and our simulated security challenges.

Basic 24 is now back online thanks to only_samurai.

The RSS link has now been moved to the top left corner of the main page.

Also, the HBH IRC channel has been moved to a new location. It can now be found at storm.psych0tik.net on port 6697. Remember to enable ssl. More information about the IRC can be found here.

-ynori7

We've got another exciting competition here at HBH hosted by Futility. The purpose is to take a given image and use it to create an interesting and unique signature. The winners will be given challenge points in the following distribution:

1st place - 75 points
2nd place - 50 points
3rd place - 25 points

For more information, visit this thread.

~ynori7

That's right folks, we have another competition going on. This one is a python optimizing challenge and is hosted by our friend ynori7.

The competition details can be found here: Python

Let's get your minds in gear and get those submission in!

UPDATE:
Well the competition has ended and the winners have been announced!
The results are in the forums in case you didn't catch it, The results are:

1st Place: stdio
2nd Place: otani
3rd Place: just a panda

Thanks to ynori7 for taking the time to host the challenge and thanks to all who competed.

Korg

For all you members who didn't notice, We have a new competition going on. That's right, Now's your chance to design a HBH logo for new and upcoming merchandise.
Contest information and deadlines can be found here: Competition.

Let's get a move on and submit as many images as you like. More images = more community points.

The results have been posted, So everyone have a look and vote for your favorite one!

UPDATE, UPDATE, UPDATE!
The voting has ended and we have our winners, See the forums for details.

1st place: DOSed
2nd place: tbaybucs
3rd place: DOSed

Great work by all who entered.

Thanks,
~Korg

A new vulnerability has been discovered that affects all versions of IE across all distributions of Windows. This vulnerability allows malicious users the ability to access files on your harddrive via ActiveX.

Firefox 3.6 is built on Mozilla's Gecko 1.9.2 web rendering platform, which has been under development since early 2009 and contains many improvements for web developers, add-on developers, and users. This version is also faster and more responsive than previous versions and has been optimized to run on small device operating systems such as Maemo.

Click "Comments" to read about Notable Firefox 3.6 features.

Microsoft confirms Thursday patch for Internet Explorer exploit

Confirming what many internet industry watchers thought would happen this week, Microsoft says it will release an out-of-band patch later today, for the Internet Explorer security vulnerability used to attack Google and around 30 other companies affected by the widely publicised security flaw seen in the Google/China incident.

According to Microsoft, the security vulnerability affects all versions of Internet Explorer from v6.x upwards on all Windows NT-based operating systems (Windows 2000, XP, Vista, Windows 7). Put simply, Infosecurity notes, every Windows user who might be affected should install it.
The original exploit only worked if people were running Internet Explorer 6 on Windows XP, but now the exploit code has been published, some malware writers are rumoured to be adapting the code for a wider target market.

Recently Google reported that China-based hackers breached its security, and that of many other foreign companies in a variety of sectors, including finance, technology, media and chemicals.

It seems the attacks were aimed at accessing Gmail accounts of human rights activists, and stealing other intellectual property.

U.S. Secretary of State Hillary Clinton called on China "for an explanation" of Google's allegations. She also stated that "The ability to operate with confidence in cyberspace is critical in a modern society and economy."

For years China has pressured companies to accommodate them. Before entering the China market in 2005 Google had to agree to censor its search results for Google.cn.

Now however Google threatens to completely withdraw from China because of censorship and cyber-spying.

A senior Microsoft Corp. executive said that "Google would do disservice to Chinese people" by leaving China because Google censors its Chinese search results less aggressively than Chinese local competitor Baidu and other Chinese portal companies. A pullout by Google would strip Chinese Internet users of a good alternative, the executive said.

In any event this will cause more people to be aware of the censorship problem in China. Maybe this will even promote change, "Yes we can".

Microsoft has lost an appeal in a patent dispute with Canadian company i4i with the US Court of Appeals for the Federal Circuit ordering the software giant to stop selling Microsoft Word 2007 and other Office 2007 products by January 11. The court also hit Microsoft with a $287 million fine.

Microsoft lost a patent infringement suit against XML specialists i4i back in May when it was found that Word's handling of .xml, .docx, and .docm files infringed upon i4i's patented XML handling algorithms, but the injunction against further Word sales was put on hold pending the results of this appeal.

In August 2009, a US judge had ordered Microsoft to stop selling Microsoft Word in its current form in the US as it infringes upon a patent owned by a Canadian company, i4i.

Judge Leonard Davis of the US District Court for the Eastern District of Texas had passed an injunction to this effect and has given Microsoft 2 months within which the software giant must comply with the order.

One-time passwords, aren't enough to stop cybercrooks from plundering bank accounts
Security measures such as one-time passwords and phone-based user authentication, considered among the most robust forms of security, are no longer enough to protect online banking transactions against fraud, a new report from research firm Gartner Inc. warns.

Increasingly, such measures are overwhelmed by online criminals looking to pillage bank accounts using valid login credentials stolen from customers, the report said.

Gartner's warning comes amid a sharp uptick in fraud involving the exploitation of valid online banking credentials. In August, NACHA- the Electronics Payments Association issued an alert , warning members about attacks involving the theft of online banking credentials, such as usernames and passwords mostly from small- and medium-size businesses. Cybercriminals used the stolen credentials to take over corporate accounts and initiate unauthorized transfers of funds via electronic payment networks, NACHA said in its warning. NACHA, with more than 11,000 financial institutions as members, oversees the Automated Clearing House (ACH) electronic payments network.

Hackers broke into the electronic files of one of the world's foremost climate research centers this week and posted an array of e-mails in which prominent scientists engaged in a blunt discussion of global warming research and disparaged climate-change skeptics.

The skeptics have seized upon e-mails stolen from the Climatic Research Unit of the University of East Anglia in Britain as evidence that scientific data have been rigged to make it appear as if humans are causing global warming. The researchers, however, say the e-mails have been taken out of context and merely reflect an honest exchange of ideas.