beforeyoukillyourcomputer.com

A new bot can crack defenses erected by Microsoft to keep spammers from creating large numbers of accounts on its Live Hotmail service within seconds, a security researcher said Friday.

Dan Hubbard, vice president of security research at Websense, said the bot broke Live Hotmail’s CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) within six seconds, on average. CAPTCHA is the name given to the distorted, scrambled characters that many Web services require users to decipher and type in to create a new account; the tests are meant to block automated account registration by spammers and malware authors.

The bot, Hubbard acknowledged, is similar to one Websense uncovered in February.

“In the past, though, it was kind of questionable whether the CAPTCHA breaking was automated,” Hubbard said Friday, noting that there had been some evidence that spammers were paying people to decode and type in the CAPTCHA characters. “But the bot’s breaking [CAPTCHA] in six seconds, so it’s definitely automated.”

In a long post to the Websense blog Thursday, Sumeet Prasad — “our CAPTCHA expert,” said Hubbard — provided technical details of how the bot automatically registers Live Hotmail accounts and then immediately begins using those accounts to spew spam.

The bot’s total response time — how long it takes the program to grab a CAPTCHA image, analyze it and return with the correct code — is considerably shorter than that of earlier such bots, said Prasad in the blog.

One in every eight to 10 attempts to create a Live Hotmail account is successful, added Prasad, meaning that the success rate is 10% to 15%. However, the rate is actually meaningless, said Hubbard, since the bot will continue to try to create accounts using a predetermined list of account names until they’re all registered.

Copies of the bot are seeded on unsuspecting users’ PCs, said Websense, making it less likely that Microsoft will detect and stop the automated account registrations.

Free Web-based e-mail services such as Live Hotmail, Yahoo Mail and Gmail are favorite targets for spammers because the services’ domains can’t be blocked by blacklisting antispam tools, Hubbard said. “When Google, Microsoft and Yahoo [domains] are in the top 10 or top 20 spam domains, it’s hard to use reputation tools,” said Hubbard.

“You’re not going to block those [domains].”

Source

Emulating a special OEM BIOS marker offers way to bypass Vista’s anti-piracy

Microsoft is studying a BIOS hack that allows pirates to circumvent the anti-piracy features that are built into the Windows Vista.

Reports about the crack started circulation online a few weeks ago. The method uses a feature that allows system builders to qualify new computers as licensed by inserting a short digital marker in the BIOS. Upon detection of this special marker, Windows XP and Vista bypass product activation and anti-piracy checks.

This OEM Activation programm is limited to large original equipment manufacturers (OEMs) with which Microsoft has a direct relationship.

The basic input/output system (BIOS) is software that is built into a computer’s mother board. It provides a computer with the first instructions when it is booted up, allowing the operating system to start loading and components like the keyboard, display and disk drives to function. continue reading…

Someone has claimed to have hacked the Advanced Access Copy System (AACS) copy protection used on HD-DVD and Blu-ray discs and posted the script and a video to “prove it.” Claiming to have spent just 8 days tweaking some code, a web forum poster created BackupHDDVD, a Java app that will apparently decode a movie and store it to a PC hard drive. As the Home Media article points out, HD discs do include a second level of protection that was not claimed to be hacked and companies will certainly work to counteract the hack.

My favorite response to the YouTube video posted: “Sad that your next video will be from Prison.”

Think it was really hacked? Let us know what you think or if you can verify that it actually works.

Read [Home Media] Read [Uninnovate] Original Forum Posts [Doom9]

Source

While Microsoft’s Vista hasn’t quite had time to make it out to us normal folk just yet, there’s certainly versions floating around thanks to the November 30th corporate release, and we’ve already found a way to circumvent Redmond’s most valiant efforts to make us activate the darned software. With the help of a few background apps, a little registry tweakin’, and whole lot of deviousness, you can reportedly freeze the 30-day countdown timer within the operating system in order to prevent it from ever leaving the fully functional evaluation mode. Purportedly, the TimerStop Vista crack works “on all 32-bit x86 editions” including Ultimate and Premium, but the success rate in 64-bit (x64) environments is “likely to be low.” Notable, the folks behind the crack suggest that Windows Updates will still be accessible, as will Microsoft’s “value-added software downloads” typically only available to those who pass the WVGA validation process. So if you’re looking to hit up a new OS in the coming weeks, or you’ve already got ‘er up and running, be sure to peep the read link if you’re interested in pulling this off — but don’t count on Microsoft to sleep on this one, holiday break or not.

Source