Lost+Found: Anonymous surfing, dubious DRM and a stuck stock exchange
Too short for news, too good to lose; Lost+Found is a roundup of useful and interesting security news. In this edition: the latest edition of Nmap arrives, a router to route everything over Tor, an Autorun pest, a PDF autopsy, Stockholm's stuck stock exchange, and a rather breakable unbreakable DRM.
- Nmap has developed from a port scanner into a Swiss Army knife for pentesters, and version 6.25 continues along this path with Windows 8 support and 85 new scripts to collect extra information.
- With P.O.R.T.A.L. a wireless TP-LINK router can be configured to send all its internet traffic through the Tor anonymising network. We've not tested this, but we're pretty sure you can't expect a rush of speed from this setup.
- Anti-virus experts at McAfee have discovered a Windows pest that spreads via the autorun feature of the operating system – notwithstanding the fact that this vector hasn't existed for machines maintained through Windows Update for nearly two years.
- What happens when you open a fake Vodafone Bill that arrives in your email as a PDF? Researchers at SpiderLabs take us through it step by step.
- The Stockholm Stock Exchange apparently had serious problems when an order for 4.3 billion futures at a unit price of 107,000 SEK – coming to nearly 460 trillion SEK, or 131 times the GDP of Sweden – brought the exchange to a halt. The troubleshooting is still ongoing, but it appears to be an integer underflow that resulted from the entry of a negative number, thus creating the 4.2 billion future order.
- Leaping Brain advertised their video DRM system Braintrust as "virtually unbreakable". The researcher Asher Langton sees it somewhat differently after he found out that the DRM consists of XORing the initial bytes of each 1KB block in the first 15KB of the video file with the string "RANDOM_STRING".
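
The Stockholm item above attributes the oversized order to a negative number wrapping around. The following C sketch is an added example, not code from the exchange or from the original article, showing how a negative entry stored in an unsigned field becomes a multi-billion quantity and how input validation rejects it. It assumes a 32-bit unsigned quantity field; the function names and the `MAX_ORDER_QTY` limit are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ORDER_QTY 1000000u  /* hypothetical per-order limit, not from the article */

/* Naive path: parse as signed, store in an unsigned 32-bit field (assumed width).
 * A negative entry wraps modulo 2^32 instead of being rejected. */
uint32_t naive_quantity(const char *text)
{
    long long v = strtoll(text, NULL, 10);
    return (uint32_t)v;
}

/* Checked path: returns 0 and writes *out on success, -1 on rejection. */
int checked_quantity(const char *text, uint32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return -1;                      /* empty, trailing junk, or out of range */
    if (v <= 0 || v > (long long)MAX_ORDER_QTY)
        return -1;                      /* wrong sign or above the sanity limit */
    *out = (uint32_t)v;
    return 0;
}

/* Order value in 64 bits, refusing a multiplication that would overflow. */
int notional_value(uint32_t qty, uint64_t unit_price, uint64_t *out)
{
    if (qty != 0 && unit_price > UINT64_MAX / qty)
        return -1;
    *out = (uint64_t)qty * unit_price;
    return 0;
}

int main(void)
{
    uint32_t q = 0;
    uint64_t value = 0;
    uint32_t wrapped = naive_quantity("-1");   /* constructed sample input */
    notional_value(wrapped, 107000, &value);   /* unit price from the article */
    printf("naive:   qty=%lu value=%llu SEK\n",
           (unsigned long)wrapped, (unsigned long long)value);
    printf("checked: %s\n", checked_quantity("-1", &q) == 0 ? "accepted" : "rejected");
    return 0;
}
```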