The BBC gives a lengthy video to show how a city in Columbia has become the “gold standard” for urban renewal
Have you heard about the free poetry library on cable cars?
Medellin, Colombia’s second largest city and the scene of the world’s most notorious drug-fuelled cartel war, is in the process of a dramatic transformation.
Hell is actually a pizza chain that started in 1996 that now has 64 stores in New Zealand, England, Australia and Ireland:
Clever marketing strategy but a website they used to manage customer information is said to have been breached. A police report revealed more than 230,000 “entries” at risk with names, phone numbers, email addresses and passwords. Risky Business claims an exclusive on this story called I know what you ate last summer
One source Risky.Biz spoke to says they looked into the security of the website when rumours of the breach started doing the rounds:
Immediately I spotted the SQL Queries being made by the Flash SWF as part of the query string to the server-side. The Flash client makes queries which are hard-coded in the .swf (this is dumb as it means SQL Injection is effectively a ‘feature’ of the store).
You could easily alter the query string to show the hashes stored in the MySQL users table. I figured out the version of MySQL was 4.0 (Debian Sarge) – and the hashes in this version are very weak, cracking them would take less than a couple of hours.
MySQL was listening on a remote port, so one could simply log in remotely and run queries or dump the database slowly so as to not be noticed.
Security researcher and Metasploit creator H D Moore described the security arrangements of the online ordering portal, as described above, as “about 50 steps of fail”.
HD could have gone for the 9 levels of Infernal fail, or called it divinely comical, but 50 steps is still pretty good.
Impressive guitar picking and lyrics by Chris Pureka
Well, I’m lost today
I’m almost wandering back to the door
That slammed in my face
Oh, but here I am
Here I am
Here I’ll stay
But when will the street signs stop pointing west
When will my thoughts stop drifting like smoke
Over the ridge to the trail we used to walk?
Oh, does it sound familiar?
The whole thing fades to black
And then you’re waiting
Waiting for it to burn again
Well, I’m lost today
I won’t deny it
I’m going to lay down
And wait for the compass rose
Under my skin to start to glow
But look how the sun has painted the trees
All these colors never known to them
Colors never known to their leaves
I’d like to sing like that
Oh, does it sound familiar?
The whole thing fades to black
And then you’re waiting
Waiting for it to burn again
But I know that someday, someday
I’ll offer up a song I was made to play
Until even the mocking birds
Don’t know what to say
And the mornings just make sense, sense, oh yeah
And where the dawn went I don’t know
Just hang a white flag out the window
Until the sunlight shines through it
Well is it morning yet?
I’m lost today
Here I am wandering
It’s late and I’m sure noticing
The crook of my arm is lonely
But look how the snow has painted the town
So that all of the street light is dancing, dancing around
I’d like to love like that
Does it sound familiar?
But I know that someday, someday
I’ll offer up all my Sunday afternoons
Until the rocking chairs have gone and worn
Right through the paint on the porch floor
And we’re gray and gray and gone, gone, gone
The remote code execution warning was posted yesterday for Windows Shell on XP: Microsoft Security Advisory (2286198).
The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.
Turn off AutoPlay
It was no good anyway
Except for exploits
Update: Sophos says disabling autoplay is not an answer
Sophos senior technology consultant Graham Cluley told ZDNet UK that the rootkit circumvents preventative measures such as disabling autorun and autoplay in Windows.
“This waltzes around autorun disable,” said Cluley. “Simply viewing the icon will run the malware.”