Tech News

Windows 10 Source Code Leak Raises Security Concerns.

Microsoft has confirmed that a significant chunk of its source code for Windows 10 was posted to a repository called BetaArchive. The exact size of the leak has been disputed, but the data reportedly comes from the Shared Source Kit that Microsoft distributes to trusted partners. Confirmed by Microsoft on Friday night, the leak contains source code to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. With that information, a hacker can hunt for vulnerabilities within some of the most trusted levels of the operating system. The code also reportedly contains the private debugging symbols that are normally stripped from public releases. These symbols give programmers extra information about which functions and data a piece of code is calling.

Serious privilege escalation bug in Unix imperils servers everywhere

A raft of Unix-based operating systems—including Linux, OpenBSD, and FreeBSD—contain flaws that let attackers elevate low-level access on a vulnerable computer to unfettered root. Security experts are advising administrators to install patches or take other protective actions as soon as possible. Stack Clash, as the vulnerability is being called, is most likely to be chained to other vulnerabilities to make them more effectively execute malicious code, researchers from Qualys, the security firm that discovered the bugs, said in a blog post published Monday. Such local privilege escalation vulnerabilities can also pose a serious threat to server host providers because one customer can exploit the flaw to gain control over other customer processes running on the same server. Qualys said it is also possible that Stack Clash could be exploited in a way that allows it to remotely execute code directly. "This is a fairly straightforward way to get root after you have already gotten some sort of user-level access," Jimmy Graham, director of product management at Qualys, told Ars. The attack works by causing a region of computer memory known as the stack to collide into separate memory regions that store unrelated code or data. The concept is not new, but this specific exploit is definitely new.

Leaked GOP Data On 198 Million Americans Had No Password

Both the DNC and RNC were hacked during the 2016 election. Now, it has been revealed that a conservative analytics company also left a massive amount of information on American voters exposed and it could have been downloaded by anyone who stumbled across it. How much data qualifies as a massive amount? Roughly 25 terabytes, which is enough hard drive space to store around 500 complete Blu-Ray movies. Noted security researcher Chris Vickery says, "In terms of the scope and depth, this is the biggest exposure I have found." The data that was leaked includes incredibly detailed profiles on just north of 198 million registered voters, which pretty much accounts for everyone who was eligible to vote in the 2016 election. There were thousands of files, some quite small and others incredibly large. Just two Excel files, for example -- one on Hillary Clinton and another containing research on Reddit users -- totalled almost 400GB.

Irony alert. Newly discovered sudo vulnerability affects only the most secure Linux servers.

If you want your Linux server to be really secure, you defend it with SELinux. Many sysadmins do not bother because SELinux can be difficult to set up. But, if you really want to nail down your server, you use SELinux. This makes the newly discovered Linux security hole -- with the sudo command that only hits SELinux-protected systems -- all the more annoying. Sudo enables users to run commands as root or another user, while simultaneously providing an audit trail of these commands. It is essential for day-in, day-out Linux work. Qualys, a well-regarded security company, discovered this essential command -- but only on systems with SELinux enabled -- can be abused to give the user full root-user capabilities. Or, as they would say on the Outer Limits, "We will control the horizontal, we will control the vertical." This is not what you want to see on your Linux server. In a note to the OpenWall open-source security list, Qualys explained, "On an SELinux-enabled system, if a user is Sudoer for a command that does not grant him full root privileges, he can overwrite any file on the filesystem (including root-owned files) with his command's output, because relabel_tty() (in src/selinux.c) calls open(O_RDWR|O_NONBLOCK) on his tty and dup2()s it to the command's stdin, stdout, and stderr. This allows any Sudoer user to obtain full root privileges." Specifically, this works by enabling a trusted user to overwrite an arbitrary file by writing to the standard output or standard error. This can be escalated to full root access by rewriting a trusted file such as /etc/shadow or even /etc/sudoers. For attacks over this vector, CVE-2017-1000367, to work, a user must have server access and the ability to run sudo. Still, if you have gone to the trouble to protect a server with SELinux, you do not want there to be any chance that someone could run rampant over it. The security hole exists in sudo 1.7.10 through 1.7.10p9 inclusive and sudo 1.8.5 through 1.8.20p1 inclusive.
Sudo 1.7.10 was released in September 2012. Thus, all Linux distributions released in the last five years are vulnerable to this attack. There was also a patch release, sudo 1.8.20p1, where the fix was incomplete. That is because it did not address malicious commands that included a newline. That is the bad news. The good news is patches are available for almost all significant server Linux distributions. These include Debian, Red Hat, SUSE, and Ubuntu. If you have not patched your server yet, do so. Once Qualys believes sufficient time has passed for responsible sysadmins to have patched their systems, they will publish their sudo-to-root exploit, and a day or two later, hackers will release easy-to-run attack scripts.
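
For administrators triaging hosts against the sudo version ranges quoted above, here is an added example (not part of the original article and not code from Qualys or the sudo project) that parses sudo's "pN" patch-level suffix and flags versions inside those ranges. The host names, sample rows and result labels are constructed, and treating every SELinux mode other than "Disabled" as enabled is an assumption.

```python
import re

# Upstream ranges as stated in the article above (both ends inclusive).
AFFECTED_RANGES = [("1.7.10", "1.7.10p9"), ("1.8.5", "1.8.20p1")]
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Parse 'Sudo version 1.8.20p1' or '1.8.20p1' into a comparable tuple.

    A missing 'pN' suffix is patch level 0, so 1.8.20 < 1.8.20p1 < 1.8.20p2.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no sudo version found in {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def in_affected_range(version_text):
    version = parse_sudo_version(version_text)
    return any(
        parse_sudo_version(low) <= version <= parse_sudo_version(high)
        for low, high in AFFECTED_RANGES
    )


def assess(version_text, selinux_mode):
    """Classify a host from its `sudo -V` first line and `getenforce` output.

    Assumption: any mode other than 'Disabled' counts as SELinux enabled.
    """
    if not in_affected_range(version_text):
        return "outside-affected-range"
    if selinux_mode.strip().lower() == "disabled":
        return "affected-version-selinux-off"
    # Distributions backport fixes without changing the upstream version,
    # so confirm against the vendor advisory before calling a host vulnerable.
    return "affected-version-selinux-on"


# Constructed inventory rows: (host, first line of `sudo -V`, `getenforce`).
SAMPLE_HOSTS = [
    ("web01", "Sudo version 1.8.6p7", "Enforcing"),
    ("db01", "Sudo version 1.8.20p1", "Permissive"),
    ("build01", "Sudo version 1.8.19p2", "Disabled"),
    ("bastion", "Sudo version 1.8.20p2", "Enforcing"),
]

if __name__ == "__main__":
    for host, version_line, mode in SAMPLE_HOSTS:
        print(f"{host:8} {version_line:24} {mode:10} {assess(version_line, mode)}")
```
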

Pirate Bay proxy users caught downloading could get 10 YEARS in JAIL

People caught downloading copyright-protected content from torrent websites – including popular repositories like The Pirate Bay, Torrentz, and more – could face up to 10 years in prison under UK law. The Digital Economy Act has received royal assent, meaning UK file-sharers could now be imprisoned for a decade. Following a recommendation from the International Property Office, IPO, the maximum prison sentence for copyright infringement in the UK has been increased from two years – to 10. The IPO had previously commissioned a study that suggested online copyright infringement should carry similar sanctions to those used for counterfeiting offences.

Bose headphones share your listening habits with third parties.

When it comes to privacy concerns, the mind naturally drifts to the likes of Facebook, Microsoft and Google. But in reality, there is the potential for privacy issues with any connected device -- and that includes Bluetooth headphones from Bose. Illustrating this is a man from Illinois who has filed a lawsuit against the Massachusetts-based audio company for secretly collecting, transmitting, and disclosing its customers' private music selections to third parties, including a data mining company. Kyle Zak alleges that his Bose QuietComfort 35 wireless Bluetooth headphones and the associated Bose Connect app gathered information about him, and sold it on to third parties including Segment.io. Zak's lawsuit points out that the same problem probably exists with other Bose Bluetooth headphones that work in conjunction with the Bose Connect app. Other affected products include the Bose SoundSport wireless, SoundSport Pulse wireless, QuietControl 30 and SoundLink wireless II headphones, as well as its SoundLink Color II, SoundLink Revolve and SoundLink Revolve+ speakers. The allegation is that Bose is engaged in what amounts to wiretapping, but Bose denies that data is personally identifiable.