Skip to main content


You Can Steal My Laptop But You Can't Steal My Data - FDE for OS X

posted onMarch 2, 2009
by hitbsecnews

By: L33tdawg

"Moron leaves laptop in strip club - 400 gazillion records lost" - "Travellers warned that laptops may be seized and examined at random" - Seems like not a day goes by when you either read about someone losing a laptop that had some super-top-secret-information-that-shouldn't-have-been-on-there-in-the-first-place or you hear about how the government has increasing powers to basically do whatever they want to you when crossing International borders including examining the contents on your laptop or seizing it indefinitely.

Malware - Future Trends

posted onFebruary 13, 2006
by hitbsecnews

Malware has truly evolved during the last couple of years. Its potential for financial and network
based abuse was quickly realized, and thus, tactics changed, consolidation between different
parties occurred, and the malware scene became overly monetized, with its services available on
What are the driving forces behind the rise of malware? Who’s behind it, and what tactics do
they use? How are vendors responding, and what should organizations, researchers, and end

Caveat Lector: Authentication, the Forgotten, Should-be Predominant

posted onFebruary 13, 2006
by hitbsecnews

By: Justin Troutman

Using the familiar Alice and Bob model, we'll take a look at the concept of integrity preservation, through the use of a MAC, or Message Authentication Code. This article will define what it is, what it does, and why it's vital in the majority of cases, although often overlooked in most of them.

Coping with A Major Security Breach? What’s your Contingency Plan?

posted onFebruary 13, 2006
by hitbsecnews

By: Martin Allen

Legal pressures, not to mention your moral obligation to assist unwitting victims, means that you should never delay when disclosing IT security incidents.

In November 2005 a laptop belonging to an employee of the Boeing Corporation was stolen. Among the information on the machine was personal financial data about 161,000 current and former employees of the aerospace giant. None of the confidential information was encrypted, and therefore the thieves would have been able to read and exploit it easily.

TCP and IP Options

posted onFebruary 13, 2006
by hitbsecnews

By: Don Parker

Going back over the basics is always a good idea. One of the most fundamental pieces of knowledge in regards to computer communications are the four core protocols; IP, TCP, UDP, and ICMP. What we shall do over the course of this article is cover the options for both TCP and IP to see what, if any, security implications they may have.

HITB E-zine Issue #37 released

posted onDecember 12, 2005
by hitbsecnews

We are pleased to announce that the latest edition of the HITB e-zine (Issue #37) has been released. This is a pretty special edition with article contributions by Shreeraj Shah (Net-Square), Cesar Cerrudo (Argeniss) and Nish Bhalla (Security Compass).

For those of you waiting for the videos of HITBSecConf2005 - Malaysia, they are on their way to Europe and will be released on the 24th of December 2005. In the meantime you'll have the e-zine to enjoy :)

Merry Christmas and a Happy New Year everyone! See you guys in 2006.

Story of a dumb patch

posted onDecember 12, 2005
by hitbsecnews

By: Cesar Cerrudo

This paper is an advisory but mostly it describes a mistake made by Microsoft on patch MS05-018 where Microsoft failed to properly fix a vulnerability having to release a new patch MS05-049. Hopefully this paper will open the eyes to software vendors to not repeat this kind of mistakes.


Reverse engineering a shareware tool and writing a proper keygen for it

posted onDecember 12, 2005
by hitbsecnews

By: Azerton

This article deals with reverse engineering of a shareware tool and how to go about writing a proper keygen for it.


0x1. Tools
0x2. Observing our victim
0x3. Jumping inside the code
a. Understanding how it works
b. Understanding the interesting code
c. Calculating the serial
0x4. Writing the keygen
0x5. Shouts0x1: Tools

The tools used in this tutorial are a brain, windows calc.exe (for hex-decimal
conversions for example), OllyDbg 1.10, Dev-C++ 4 for writing the keygen.