by Acyd Burn on Thu Dec 13, 2007 3:29 pm

Re: phpBB3 Gold Released

by Acyd Burn on Thu Dec 13, 2007 3:30 pm

• [Fix] Cleaned usernames contain only single spaces, so "a_name" and "a__name" are treated as the same name (Bug #15634)
• [Fix] Check "able to disable word censor" option while applying word censor on text (Bug #15974)
• [Fix] Rollback changes on failed transaction if returning on sql error, if set
• [Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)

• A webserver or web hosting account running on any major Operating System with support for PHP
• A SQL database system, one of:
• MySQL 3.23 or above (MySQLi supported)
• PostgreSQL 7.3+
• SQLite 2.8.2+
• Firebird 2.0+
• MS SQL Server 2000 or above (directly or via ODBC)

  cialis price compare

• Oracle
• PHP 4.3.3+ (>=4.3.3, >4.4.x, >5.x.x, >6.0-dev (compatible)) with support for the database you intend to use.
• getimagesize() function need to be enabled
• These optional presence of the following modules within PHP will provide access to additional features, but they are not required.
• zlib Compression support
• Remote FTP support
• XML support
• Imagemagick support
• GD Support

• Full Package
  Contains entire phpBB3 source and english language files.
• Changed Files Only
  Contains only those files changed from previous versions of phpBB3. Please note this archive contains changed files for each previous release.
• Patch Files
  Contains patch compatible patches from previous versions of phpBB3.
• Automatic Update Package
  Update package for the automatic updater, containing the changes from previous release to this release.

• phpBB Downloads
• phpBB3 Documentation
• phpBB3 support forum
• phpBB3 bug tracker
• phpBB3 Coding Guidelines
• phpBB3 Sourcecode Documentation
• Press Release

Patrick Gray
November 13, 2007

In August, Swedish hacker Dan Egerstad gained access to sensitive embassy, NGO and corporate email accounts. Were they captured from the clutches of hackers? Or were they being used by spies? Patrick Gray investigates the most sensational hack of 2007.

IT WASN'T supposed to be this easy. Swedish hacker Dan Egerstad had infiltrated a global communications network carrying the often-sensitive emails of scores of embassies scattered throughout the world. It had taken him just minutes, using tools freely available for download on the internet.

He says he broke no laws.

In time, Egerstad gained access to 1000 high-value email accounts. He would later post 100 sets of sensitive email logins and passwords on the internet for criminals, spies or just curious teenagers to use to snoop on inter-governmental, NGO and high-value corporate email.

The question on everybody's lips was: how did he do it? The answer came more than a week later and was somewhat anti-climactic. The 22-year-old Swedish security consultant had merely installed free, open-source software – called Tor – on five computers in data centres around the globe and monitored it. Ironically, Tor is designed to prevent intelligence agencies, corporations and computer hackers from determining the virtual – and physical – location of the people who use it.

"Tor is like having caller ID blocking for your internet address," says Shava Nerad, development director with the Tor Project. "All it does is hide where you're communicating from."

Tor was developed by the US Navy to allow personnel to conceal their locations from websites and online services they would access while overseas. By downloading the simple software, personnel could hide the internet protocol address of their computers – the tell-tale number that allows website operators or intelligence services to determine a user's location.

Eventually the navy realised it must take Tor beyond the armed forces. "The problem is, if you make Tor a tool that's only used by the military . . . by using Tor you're advertising that you're military," Nerad says.

So Tor was cast into the public domain. It is now maintained and distributed by a registered charity as an open-source tool that anyone can freely download and install. Hundreds of thousands of internet users have installed Tor, according to the project's website.

Mostly it is workers who want to browse pornographic websites anonymously. "If you analyse the traffic, it's just porn," Egerstad told Next by phone from Sweden. "It's kind of sad."

However, Dmitri Vitaliev, a Russian-born, Australian-educated computer security professional who lives in Canada, says Tor is a vital tool in the fight for democracy. Vitaliev trains human-rights campaigners on how to stay safe when online in oppressive regimes. "It's incredibly important," he said in a Skype chat from the unrecognised state of Transnistria, a breakaway region in Moldova where he's assisting a local group working to stop the trafficking of women. "Anonymity is a high advantage in countries that perform targeted surveillance on activists."

It's also used to bypass website censorship in more than 20 countries that censor political and human rights sites, he says.

Tor works by connecting its users' internet requests, randomly, to volunteer-run Tor network nodes. Anyone can run a Tor node, which relays the user's traffic through other nodes as encrypted data that can't be intercepted.

When the user's data reaches the edge of the Tor network, after bouncing through several nodes, it pops out the other side as unencrypted, readable data. Egerstad was able to get his mitts on sensitive information by running an exit node and monitoring the traffic that passed through it.

The problem, says Vitaliev, is some Tor users assume their data is protected from end to end. "As in pretty much any other internet technology, its vulnerabilities are not well understood by those who use it (and) need it most," he says.

The discovery that sensitive, government emails were passing through Tor exit nodes as unencrypted, readable data was only mildly surprising to Egerstad. It made sense – because Tor documentation mentions "encryption", many users assume they're safe from all snooping, he says.

"People think they're protected just because they use Tor. Not only do they think it's encrypted, but they also think 'no one can find me'," Egerstad says. "But if you've configured your computer wrong, which probably more than 50 per cent of the people using Tor have, you can still find the person (on) the other side."

Initially it seemed that government, embassy, NGO and corporate staffers were using Tor but had misconfigured their systems, allowing Egerstad to sniff sensitive information off the wire. After Egerstad posted the passwords, blame for the embarrassing breach was initially placed on the owners of the passwords he had intercepted.

However, Egerstad now believes the victims of his experiment may not have been using Tor. It's quite possible he stumbled on an underground intelligence gathering exercise, carried out by parties unknown.

"The whole point of the story that has been forgotten, and I haven't said much about it, (is that) many of these accounts had been compromised," he says. "The logins I caught were not legit users but actual hackers who'd been reading these accounts."

In other words, the people using Tor to access embassy email accounts may not have been embassy staff at all. Egerstad says they were computer hackers using Tor to hide their origins from their victims.

The cloaking nature of Tor is appealing in the extreme to computer hackers of all persuasions – criminal, recreational and government sponsored.

If it weren't for the "last-hop" exit node issue Egerstad exposed in such a spectacular way, parties unknown would still be rifling the inboxes of embassies belonging to dozens of countries. Diplomatic memos, sensitive emails and the itineraries of government staffers were all up for grabs.

After a couple of months sniffing and capturing information, Egerstad was faced with a moral dilemma: what to do with all the intercepted passwords and emails.

If he turned his findings over to the Swedish authorities, his experiment might be used by his country's intelligence services to continue monitoring the compromised accounts. That was a little too close to espionage for his liking.

So Egerstad set about notifying the affected governments. He approached a few, but the only one to respond was Iran. "They wanted to know everything I knew," he says. "That's the only response I got, except a couple of calls from the Swedish security police, but that was pretty much all the response I got from any authority."

Frustrated by the lack of a response, Egerstad's next step caused high anxiety for government staffers – and perhaps intelligence services – across the globe. He posted 100 email log-ins and passwords on his blog, DEranged Security. "I just ended up (saying) 'Screw it, I'm just going to put it online and see what happens'."

The news hit the internet like a tonne of bricks, despite some initial scepticism. The email logins were quickly and officially acknowledged by some countries as genuine, while others were independently verified.

US-based security consultant – and Tor user – Sam Stover says he has mixed feelings about Egerstad's actions. "People all of a sudden (said) 'maybe Tor isn't the silver bullet that we thought it was'," Stover says. "However, I'm not sure I condone the mechanism by which that sort of information had to be exposed in order to do that."

Stover admits that he, too, once set up a Tor exit node. "It's pretty easy . . . I set it up once real quick just to make sure that I could see other people's traffic and, sure enough, you can," he says. "(But) I'm not interested in that sort of intelligence cialis mg dosage gathering."

While there's no direct evidence, it's possible Egerstad's actions shut down an active intelligence-gathering exercise. Wired.com journalist Kim Zetter blogged the claims of an Indian Express reporter that he was able to access the email account for the Indian ambassador in China and download a transcript of a meeting between the Chinese foreign minister and an Indian official. In addition to hackers using Tor to hide their origins, it's plausible that intelligence services had set up rogue exit nodes to sniff data from the Tor network.

"Domestic, or international . . . if you want to do intelligence gathering, there's definitely data to be had there," says Stover. "(When using Tor) you have no idea if some guy in China is watching all your traffic, or some guy in Germany, or a guy in Illinois. You don't know."

Egerstad is circumspect about the possible subversion of Tor by intelligence agencies. "If you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on," Egerstad says. "Who would pay for this and be anonymous?"

While Stover regards Tor as a useful tool, he says its value is greatly overestimated by those who promote and use it. "I would not use or recommend the tool to hide from people between you and your endpoint. It's really purely a tool to hide from the endpoint," he says.

As a trained security professional, Stover has the nous to understand its limitations, he says. Most people don't.

The lesson remains but the data Egerstad captured is gone, the Swedish hacker insists. He's now focusing on his career as a freelance security consultant. "I deleted everything I had because the information I had was belonging to so many countries that no single person should have this information so I actually deleted it and the hard drives are long gone," he says.

Patrick Gray's interviews with Dan Egerstad and Sam Stover can be heard in his podcast from http://ITRadio.com.au/security..

This story was found at: http://www.theage.com.au/articles/2007/11/12/1194766589522.html

by Greg Shultz | Feb 21, 2007

Takeaway: Hidden clutter exists on your Windows XP machine in the form of duplicate files. Here's how to free up valuable hard disk space by doing some early spring cleaning with the Duplicate Finder tool.

Even if you're a conscientious computer user (i.e., you regularly delete unnecessary files, empty the Recycle Bin, and run Disk Defragmenter), you may be unaware of a potentially big waster of hard disk space: duplicate files. Applications can litter your hard disk with duplicate files, or you can actually create duplicate files by copying files from one folder to another.

Windows XP's default installation doesn't provide you with a decent utility for tracking down duplicate files. However, Microsoft does have a tool called Duplicate Finder, which is part of the Windows XP Service Pack 2 Support Tools. Here's how to install and use the Duplicate Finder tool:

1. Download the Windows XP Service Pack 2 Support Tools and follow the instructions for installing the Complete installation version.
2. Open the Run dialog box by pressing [Windows]R.
3. Type Dupfinder in the Open text box and click OK.
4. Once DupFinder loads, simply select the drive or folder to search and then click the Start Search button.
5. When DupFinder cialis mail order completes its search, you can scan through the list and examine the duplicate files.

Here are tips for working with the list of duplicate files:

• Use either the Print Report or Export Data commands on the File menu to create a permanent record of the duplicate files.
• Use the Sort command on the View menu to reorganize the list for better analysis.
• To get more detailed information about any file, select the file, pull down the File menu, and select the Info command.
• Leave duplicate files in the Windows folder and its subfolders alone.
• If you don't recognize the duplicate file, it's better to use the Rename or Move commands on the File menu rather than the Delete command.

Note: This tip applies to both Windows XP Home and Windows XP Professional.

Has your Windows operating system ever bugged you with this error message:

And oh no, not just that one! I'm talking about any one of these pesky messages:

• Cannot delete file: Access is denied.

• There has been a sharing violation.

• The source or destination file may be in use.

• The file is in use by another program or user.

• Make sure the disk is not full or write protected and that the file is not currently in use.

Source:

VaultletSoft

Overview: VaultletSuite 2 Go uses Open Source 2048 bit RSA public key cialis for daily use and 256 AES encryption, and is the easiest way to protect and control your spam-free email, passwords and important files wherever you and USB drive may roam. VaultletSuite 2 Go contains the following services: VaultletMail: Protect and control your spam free email, along with controlling whether your messages are printed, archived, forwarded, and even how long they live before they vanish. PasswordValet: View, edit and protect your valuable account and password information with one click. VaultletFiler: Protect the valuable files that you store on your USB thumb drive with one click. VaultletMail DropBox: Receive secure messages from anyone who uses the DropBox. All it takes is two clicks to send you a point-to-point encrypted email message. SpecialDelivery BETA: Send encrypted time and view constrained content to anyone in the world. VaultletSuite 2 Go: Your World, Secured. Anywhere. Version 2.3 features cleaner HTML message handling.

Pasted from <http://downloads.zdnet.com/download.aspx?&compid=66285&docid=319557&tag=nl.e530>