CyberInsecure.com

Archive for the ‘Uncategorized’ Category

A new online service allows conversion of websites into a downloadable pdf format file. This tool by html2pdf.co.uk can be a useful utility to anyone who wants to make a snapshot of a website that is being updated very often or just for later reading.

The usage is very simple. Website address must be supplied and after you click a button you receive a download confirmation for the pdf file containing that website. There is also an option to add a bookmarklet which can convert in one click any websites you`re visiting in your browser. It is also possible to copy the HTML code into a form and get it as a web page in pdf. An entire page will be saved into the pdf, even if the page is few pages long and needs scrolling.

This can be a great, free and very quick alternative to making regular screenshots from websites as images, although its not hard to imagine what will happen if someone makes a pdf copy of PayPal.com website, converts it back into HTML and uploads to some hacked web hosting.

Website URL: www.htm2pdf.co.uk

The CanSecWest conference announced on Tuesday the format for this year’s competition in which security pros can attempt to compromise a laptop computer’s operating system to win the laptop and potentially a cash reward. The first person to compromise one of the notebook computers gets to keep the system and can submit the vulnerability to the Zero-Day Initiative run by 3Com’s Tipping Point. The company pays for responsibly disclosed software flaws and could reward up to $25,000 for a vulnerability.

Dubbed the “PWN2OWN” competition, the contest will give security professionals the opportunity to hack one of three systems: up-to-date versions of Microsoft’s Windows Vista, Apple’s Mac OS X, and Ubuntu Linux. To win the contest, a person must run code on the laptop using a previously unknown vulnerability in the operating system or a major application, such as a Web browser, a plug-in browser program, an instant messaging client, or an e-mail reader.

Each participant can try to attack the systems using a crossover cable by creating an exclusive network connection or, under special circumstances, through a wireless network connection in a remote location. Each contestant will have a 30-minute slot to conduct the attack and can ask that contest officials go to a malicious Web server, read e-mail messages sent by the attacker, or add attackers to instant messaging buddy lists and read their messages. Last year, two security professionals, Shane Macaulay and Dino Dai Zovi, worked together to find a vulnerability and compromise one of the MacBooks. Macauley got the MacBook, Dai Zovi claimed the $10,000.

“These computers are real and fully patched,” Dragos Ruiu, the organizer of CanSecWest, said in an e-mail announcing the contest. “All third party software is widely used. There are no imitation vulnerabilities. Any exploit successfully used in this contest would also compromise a significant percentage of Internet connected hosts.”

The notebook computers being used in the competition include a Sony VAIO VGN-TZ37CN running Ubuntu 7.10 “Gutsy Gibbon,” a Fujitsu U810 running Windows Vista Ultimate Service Pack 1, and an Apple MacBook Air running Mac OS X 10.5.2.
The conference is supposed to take place during March 26-27 in Vancouver.