Sunday, July 31, 2005

The Kegbot At DefCon 05


The annual hacker conference DefCon in Las Vegas this weekend has spawned some pretty innovative stuff, not the least of which is the Kegbot. DefCon attendee Phillip Torrone of Make Magazine writes:

One the coolest projects I’ve seen so far at DEFCON was the kegbot, a linux based keg that dispenses beer as long as you have an iButton key. The system keeps track of who you are, how much you’re drinking and in team mode- where you rank. the Kegbot crew built and deployed a kegbot on site at DEFCON, we were lucky enough to get there and document the building of it!

More pics and instructions on building your own Kegbot at the Make Magazine web site.

Saturday, July 30, 2005

Microsoft "Genuine Advantage" cracked in 24 hours

This week Microsoft stopped providing updates to non-genuine versions of its Windows XP operating system. The company has switched over to a full launch of its Windows Genuine Advantage Program as part of its ongoing anti-piracy campaign.

Users will now have to join the WGA authentication program if they want to receive software updates from the Microsoft Download Centre or from Windows Update. However, MS says it will still provide security patches for pirated systems, which will be available via Automatic Updates in Windows.

Well, it was good while it lasted... The protection was cracked within 24 hours...

Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

CODE
javascript:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check.

Gun Safety


A tale that snopes has verified of a DEA agent who’s caught on video accidentally shooting himself while lecturing on gun safety! He limps around, afterwards, and tries to turn it into some kind of object lesson.

Friday, July 29, 2005

Crap it's Friday Already!

Crap Cleaner may be a system cleaner but it has also removed browser hijacks when nothing else would. CCleaner is a freeware system optimization and privacy tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. But the best part is that it's fast (normally taking less that a second to run) and contains NO Spyware or Adware!

Cleans the following:

* Internet Explorer Cache, History, Cookies, Index.dat.
* Recycle Bin, Temporary files and Log files.
* Recently opened URLs and files.
* Third-party application temp files and recent file lists (MRUs).
Including: Firefox, Opera, Media Player, eMule, Kazaa, Google Toolbar, Netscape, Office XP, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip and more...
* Advanced Registry scanner and cleaner to remove unused and old entries.
Including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more... Backup for registry clean.

Thursday, July 28, 2005

Scandal at BlackHat?

Cisco Systems and ISS late Wednesday filed for an injunction against a former ISS researcher who exposed vulnerabilities in Cisco’s router operating system at the Black Hat conference at Caesars Palace, Las Vegas • July 23-28, 2005 earlier in the day.

Basically this adds a whole new twist to the router exploit field. Remote code executation via buffer overflow. That in general has not existed in the cisco world because no one had developed it. In the past most router vulnerabilities were denial of service vulnerabilities. See this CRN article for additional details on this event.

Also this year's Black Hat presentations are now online...

Wednesday, July 27, 2005

Border Security (Border XXX-ings)

Many of us here in the good old USA have gotten into the habit of thinking of Canada as our smarter cousin to the north: a society open to gay marriage, more relaxed attitudes towards (less harmful than alcohol) recreational drugs, health care that covers more people for less cost, etc. So when we find out that Canada can be a big old arrogant dolt like us, it's more shocking than it might otherwise be...

This week, The Smoking Gun got their hands on the "Admissible and Prohibited Titles" list from Canada's Border Patrol -- and, for some of us, (like one gp) it reads almost like a shopping list. (The document officially covers "obscenity, hate speech, and child pornography," but the only material listed is in the "obscenity" category.)

DefConTime

You still have time to head out- DefCon 13 will be held at the Alexis Park in Las Vegas, Nevada, July 29-31.

The folks at SANS have some Con-fu - good tips for protecting your system if you do go (or anytime for that matter).

Get there early and head over to the pre-DefCon Summit! TheSummit is a fund raiser for the EFF, a nonprofit group of passionate people - lawyers, technologists, volunteers, and visionaries - working to protect your digital rights.

Woman Accused of Groping Airport Screener

Things that make you go hmmm...

A 62-year-old woman who was upset about being searched at an airport shoved a security screener and then grabbed her breasts, federal prosecutors said. The woman said she reacted in self-defense to "an absolute invasion of my body."

Dintenfass denied that she shoved Gostisha, but admitted putting her hands on the agent's breasts.

"I was mortified that I had done that," she said. "I was reacting to what felt like an absolute invasion of my body."

Tuesday, July 26, 2005

WiFi Cantennas now “illegal”

What is disturbing about this article are comments like:

Known as "cantennas," they consist of a Pringles can and some hardware worth $5 to $10 but can be used to amplify a wireless signal several miles away.

"They're unsophisticated but reliable, and it's illegal to possess them," said Lozito of the Hi-Tech Crimes Task Force.


also...

It's also illegal to access wireless networks that aren't public. In other words, if you've ever been pleasantly surprised to open your laptop, pull up your browser and have Internet access, that likely means you've just intruded into someone else's unsecured network‚— and really aren't allowed to be there.

How do articles like this get published?

For a more intelligent view- CNet's News.com has one of its excellent FAQ pieces on whether it's legal to mooch WiFi. The bottom line: Uh, we dunno.

Monday, July 25, 2005

Russia’s Biggest Spammer Brutally Murdered in Apartment

Who said SPAM wasn't dangerous...

Vardan Kushnir, notorious for sending spam to each and every citizen of Russia who appeared to have an e-mail, was found dead in his Moscow apartment on Sunday, Interfax reported Monday. He died after suffering repeated blows to the head.

Currently the entire Russian population is being considered a suspect. ;)

Build Your Own Wardriving Box

Our friends at wardriving.ch did an amazing job in building an embedded PC based wardriving box. See the full article for instructions on where to get the materials and how to build the software distribution.

Saturday, July 23, 2005

Congress Report: TSA Broke Privacy Laws

The Transportation Security Administration violated privacy protections by secretly collecting personal information on at least 250,000 people, congressional investigators said Friday.

The Government Accountability Office sent a letter to Congress saying the collection violated the Privacy Act, which prohibits the government from compiling information on people without their knowledge.

From the article: The GAO letter said that the TSA also said originally that it wouldn't use and store commercial data about airline passengers. It not only did that, it collected and stored information about the people with similar names.

"As a result, an unknown number of individuals whose personal information was collected were not notified as to how they might access or amend their personal data," the letter said.

It was only after meeting with the GAO, which is overseeing the program, that the TSA published a second notice indicating that it would do the things it had earlier said it wouldn't do.

Oberman said it's not unusual to revise such notices.

"We are conducting a test," he said. "I didn't know what the permutations would be."

Oberman also said that the test has no impact on anyone who travels and that the data will be destroyed when the test is over.

Anybody want to guess when the test will be over?

Friday, July 22, 2005

It's Friday.... Time for the Straight Poop

Big Brother? The rest of the family is lurking online

A lesson for London? Drop a bomb on the subway in Korea and they nab you quick!

If you no longer marvel at the Internet's power to connect and transform the world, you need to hear the story of a woman known to many around the globe as, loosely translated, Dog Poop Girl.

Recently, the woman was on the subway in her native South Korea when her dog decided that this was a good place to do its business.

The woman made no move to clean up the mess, and several fellow travelers got agitated. The woman allegedly grew belligerent in response.

What happened next was a remarkable show of Internet force, and a peek into an unsettling corner of the future.

One of the train riders took pictures of the incident with a camera phone and posted them on a popular Web site. Net dwellers soon began to call her by the unflattering nickname, and issued a call to arms for more information about her.

According to one blog that has covered the story, "within days, her identity and her past were revealed. Requests for information about her parents and relatives started popping up, and people started to recognize her by the dog and the bag she was carrying," because her face was partially obscured by her hair.

Online discussion groups crackled with chatter about every shred of the woman's life that could be found, and with debate over whether the Internet mob had gone too far. The incident became national news in South Korea and even was discussed in Sunday sermons in Korean churches in the Washington area.

Humiliated in public and indelibly marked, the woman reportedly quit her university.

Thursday, July 21, 2005

Japanese Bank Hypes ATM “Slot Machine”

A Japanese bank is offering automatic tellers with a built-in slot machine to jazz up the “boring” experience of withdrawing money from a hole in the wall. Customers who get the words “Super Gold” three times in a line will win about £5, but can only collect the winnings from inside the bank during working hours.

Judging its customers to be financially astute, the bank will inform cash-machine users what odds are on offer. The chances of having a transaction fee waived are about 1 in 10, and the odds of hitting the 1,000 yen jackpot are 1 in 500.

Since the adoption rate for Online Banking has historically mirrored that of ATMs.... Can games at your favorite online banking site be far behind?


So Long Mr. Scott

James Doohan led a varied and eventful life. So much so that his biography "Beam Me Up Scotty!" is a very interesting read. Did you know that Scottys' middle name Montgomery actually comes from Jimmy Doohans' grandfather, a Scottish sea captain by the name of James Montgomery - Jimmy would also seem to have taken after him in that his mother was born when his grandfather was over seventy! Jimmy and his wife Wende were blessed with their youngest child when he was eighty.

On Wednesday 7/20 Doohan died at his home in Redmond, Wash., with his wife of 31 years, Wende, at his side. He had retired from public events last year, not long after announcing he had Alzheimer's disease.

Houston-based Space Services Inc., which specializes in space memorials, plans to send a few grams of Doohan's ashes aboard a rocket later this year. The remains, which will be sealed in an aluminum capsule, will eventually burn up when they re-enter Earth's atmosphere.

Wednesday, July 20, 2005

More Flash Demos of Hacks from WHAX

http://eks0.free.fr/whax-demos/

Also, here are some other demos incuding one using Whoppix/WHAX on WEP.

Tuesday, July 19, 2005

Event Log Explorer 1.2

Event Log Explorer allows administrators to view, monitor and analyze events recorded in the Security, System, Application and other logs. The program extends the features of the standard event log viewer by offering detailed filtering capabilities, that allow you to view events by category, event ID, event type, user, as well as by date or keyword match. Event Log Explorer can also export your evnts as HTML or printable text report.

And it is freeware...

Causes of Suicide Terrorism

Here's a very fascinating interview with Robert Pape, a University of Chicago professor who has studied every suicide terrorist attack since 1980.

Monday, July 18, 2005

Financial Security or Things Obaid Hasn't Told You

Deficit Falls

The projected federal budget deficit has decreased by nearly $100 billion thanks to unexpected increases in tax payments. Rising corporate profits, up 40 percent over 2004, provided most of the extra money.

Gas

Does the average price of a gallon of gas at $2.328 got you in the dumps? You should know this - We are still better off than we were in March 1981 when the real cost of fuel hit its all time high. Back them a gallon cost $1.417 the equivalent of $3.107 a gallon today in inflation adjusted dollars!
SUVs rock!

Unemployment Hits Four-Year Low

Unemployment in June fell to 5%, the lowest level in nearly four years. The drop of 224,000, was the greatest monthly decline in more than a decade.

Saturday, July 16, 2005

Finger Scanning At Disney Parks Causes Concern

The addition of finger scanning technology at the entrances of Walt Disney World theme parks for all visitors has caused concern among privacy advocates.

"Disney World is now requiring all visitors to have their index and middle fingers scanned to gain entrance to the park. This started for season pass holders, but is now required for everyone."
From the article: "'I think it's a step in the wrong direction,' Civil Liberties Union spokesman George Crossley said. 'I think it is a step toward collection of personal information on people regardless of what Disney says.'"

Disney always gave me the willies... This just adds to it. GP, just think of the germs!

Friday, July 15, 2005

The System Administrator Song

System administrators the world over, rejoice! A song has been sung in your honor. Wes from Three Dead Trolls is at it again with The System Administrator Song. Are you a sysadmin yourself,and/or do you annoy one on a regular basis?

Note: Just because you might have an Administrator account on your system does not necessarily make you a system administrator...

There's a guy who works in another room, or on another floor; He's the one you call, when your document ain't there no more; he's probably a boy, but he might be a girl, or something in between; he's the only one in the office who knows what 'PC Load Letter' means. He's your system administrator; he's probably into comic books; and you tremble in fear when you have to hear one of his 'what a dummy' looks.

Don't forget upcoming System Administrator Appreciation Day!

Fridays are for Fun - DIY Home Projector

Have $200-800 sitting around and some time for tinkering? InventGeek has a project suitable for the novice user. Now you can build your very own LCD projector...

Thursday, July 14, 2005

Domain Name HIJacking: Incidents, Threats, Risks, and Remedial Actions

In a 48 page report the ICANN's Security and Stability Advisory Committee has outlined several famous and recent thefts of websites, including Panix.com, Hushmail.com and HZ.com, and listed where the system went wrong and what can be done to correct the flaws. It has made 10 findings and, in response, 10 recommendations for how the internet industry and consumers themselves can make sure that people don't steal their online property.

Most of the bad guys still aren't that smart (that's the good news)

Taiwan snares "evil dragon" criminal via online game

Taiwan police captured a heavily armed fugitive whom they had been tracking for more than a year on Wednesday after he exposed his whereabouts by playing online computer games. Taiwan evening newspapers said Chang Hsi-ming, wanted for murder, illegal possession of weapons and multiple kidnappings, was found via his Internet protocol address after police found out he often played games online. The head of Taiwan's Criminal Investigation Bureau personally led the siege against Chang's hideout in central Taiwan, with more than 130 police and two armoured vehicles as he was known to be armed with assault rifles and hand grenades.

Illinois Police Arrest Man Who Said He Was Driving To D.C. With Explosives

Terry Daniel, 44, of Cedar Rapids, Iowa, used the words ''bomb,'' ''explosive,'' ''Washington, D.C.'' and ''president,'' over a CB radio around 3 a.m. Wednesday 7/13 while driving eastbound on Interstate 80, Princeton police chief Tom Root told the (LaSalle) NewsTribune.

After hearing his comments, truck drivers alerted the authorities.

Police took the man into custody at a service station off I-80 in this central Illinois town, about 100 miles southwest of Chicago, when Daniel apparently stopped for gas. A search of the van turned up containers and other materials that lent credence to his threat, Root said.

''There were some maps, documents and other things that lead us to believe that he was headed in that direction and that location,'' he said.

Wednesday, July 13, 2005

KCPenTrix ver 1.0 released today

Lots of SLAX activity in the last few days...

KCPentrix is a new liveCD designed to be a standalone Penetration testing toolkit for pentesters and security analysts. KCPenTrix is based on SLAX, a Slackware live CD and gentoo,auditor and whoppix.

Tuesday, July 12, 2005

Whoppix is DEAD - Long live WHAX!

WHAX is the natural evolution of WHoppix - a live cd, standalone penetration testing toolkit. There are some major new features in WHAX which add huge functionality compared Whoppix, and may change the way we use live distributions.

The big change is that WHAX is so longer based on Knoppix, but on SLAX, a Slackware live cd. One of the main reasons for this change is the wonderful world of modularity which SLAX uses.

This modularity means that versions of WHAX can be easily customize to include whichever modules we like. All the tools have been compiled to "WHAX Modules" which can be easily added or removed, depending on your needs.

hackergames.net!

Someplace for George to play when he is done at my house. Within you'll find a comprehensive list of hacking and security related challenges, hackits, wargames, tools, and tutorials, along with user reviews.

Monday, July 11, 2005

Phrack Magazine says Goodbye (for now)

Phrack is an online news service for hackers that has been in business for over 20 years starting initially as a dial-up bulletin board before moving to the web.

The magazine offered insight into all types of hacking, including hijacking wireless base stations in later editions.

The website does note: "We are preparing for a hardcover and ezine release at a major hacker convention near you!". So maybe we have not heard the last from Phrack.

Saturday, July 09, 2005

Internet chatroom helps keep City of London open

Does your business resumption plan have any out-of-band mechanisms in case some of your major systems fail? Even something simple as a published e-mail address not hosted on your own systems may be useful. Perhaps a Jabber server, or an IRC chat room somewhere?

A secret Internet chatroom run by Britain's financial regulators helped keep London's financial markets open after Thursday's bomb blasts, while financial firms activated security measures in case of further attacks.

A Bank of England spokeswoman said this was the first time the secure site had been used in an actual crisis situation since its creation in the wake of the Sept. 11, 2001 attacks on the World Trade Center in New York.

Friday, July 08, 2005

Fridays are so so special!

This weekend - spend some quality time searching for old pals, watch a little TV, make sure you are update-to-date with all your Microsoft patches via Firefox (yes it can be done), and for when you are all done, here's a bar of vibrating soap.

Thursday, July 07, 2005

London Rocked by Four Blasts

An organized Flickr photo collection of London's terrorist attack on July 7, 2005.

Take a moment and send them some goodwill in whatever fashion you see fit... even if you're not one of the persons wondering if friends, coworkers or family are among lost or injured.

My Mom would probably suggest prayers...

Turn Yourself into a Walking Hotspot

How to article on turning yourself into a walking hotspot by using a mobile power source and a cellular-to-Wi-Fi gateway.

The Voltaic Systems backpack makes a great platform to build from due to all of the internal wiring and myriad power adapters included in the kit. The Junxion Box is a simple, clean appliance to handle the Wi-Fi to Cellular interface.

The Junxion Box requires a 12 volt power source. So, natch, a lead-acid battery would feed it the juice it needs. Starting with a 1.2 Amp-hour battery will let the whole kit run a few hours. (The Box draws between 200 mA and 500 mA of current while active.) Adding a bigger battery will lengthen your run time. Solar adds a bit of extra runtime and will keep your battery topped off when the system isn't running.

The full article gives step-by-step and a parts list for you to make your own.

Wednesday, July 06, 2005

Browser Identification For Web Applications

Browser Identification is not a new concept. With the focus having shifted to desktops from networks and servers, a topic such as remote browser identification needs to be revisited.

Browsers identify themselves to web servers in the USER_AGENT header field that is contained in requests sent to the server. Almost every release of browsers contains sloppy code that allows malicious servers or attackers to compromise user privacy and security.

This paper outlines techniques that allow users to determine client browser types remotely.

Download the paper in PDF format here.

Tuesday, July 05, 2005

In the stolen-data trade, Moscow is the Wild East

The most expensive wares in Moscow's software markets, the items that some Russians are calling a threat to their personal safety, aren't on public display.

It takes less than 15 minutes to find them, however, at the teeming Gorbushka market, a jumble of kiosks selling DVDs, CD-ROMs and an array of gadgetry in an old factory west of downtown.

One question -- Where can we buy databases of private information? -- and the young man selling rip-off copies of Hollywood movies leaps to his feet. He leads the customers to another vendor, who wears a bull's head on his belt buckle. This second man listens to the request, opens his cellphone, and punches a speed-dial number.

Moments later, a third vendor appears. He is jovial and blunt about his trade.

"What do you need?" he says. "We have everything."

Monday, July 04, 2005

Pop-up Smut Tops Spyware Chart

A strain of spyware that displays pornographic pop-ups has retained its place as the top spyware nuisance on the net last month. ISTbar was responsible for 3.5 per cent of infections detected by Panda Software's free online malware scanner, more than any other spyware or adware application.

ISTbar, which poses as an ActiveX control, acts as an entry-point for other malware, adware and dialers. It also displays pornographic pop-ups, installs a toolbar and changes the home page of browsers on infested PCs.

Cydoor, an adware program that downloads advertisements from a server and displays them on PCs, made runner-up spot on Panda's June list of spyware nasties as nabbed by Panda's ActiveScan service, which was recently upgraded to add spyware detection alongside its existing virus busting features. Panda's June spyware chart features only one new entry, an adware package called MarketScore.

Spyware refers to a class of invasive program that generates pop-ups, hijacks user home pages or redirects searches in an attempt to either monitor user activity or bombard surfers with unwanted messages. It's a fast growing category that is beginning to eclipse more clear-cut malware - such as computer viruses - in economic impact if not in prevalence.

Top spyware threats, as compiled by Panda Software

1. ISTbar
2. Cydoor
3. New.net
4. XXXToolbar
5. Dyfuca
6. BetterInet
7. Petro-Line
8. Altnet
9. BargainBuddy
10. MarketScore

Sunday, July 03, 2005

Critical Information for the Traveling Public

Taking a trip this summer? Before you hop on that plane, you might want to check the latest info at AirSafe.com.

Real Homeland Security

Headed to that neighborhood BBQ or fireworks for the 4th... Check to see who might be back at your house going through your underwear drawer.

Friday, July 01, 2005

Security Skins - Better than Passmark?

Much has been written about the insecurity of passwords. Aside from being guessable, people are regularly tricked into providing their passwords to rogue servers because they can't distinguish spoofed windows and webpages from legitimate ones.

Here's a clever scheme by Rachna Dhamija and Doug Tygar at the University of California Berkeley that tries to deal with the problem. It's called "Dynamic Security Skins," and it's a pair of protocols that augment passwords.

First, the authors propose creating a trusted window in the browser dedicated to username and password entry. The user chooses a photographic image (or is assigned a random image), which is overlaid across the window and text entry boxes. If the window displays the user's personal image, it is safe for the user to enter his password.

Second, to prove its identity, the server generates a unique abstract image for each user and each transaction. This image is used to create a "skin" that automatically customizes the browser window or the user interface elements in the content of a webpage. The user's browser can independently reach the same image that it expects to receive from the server. To verify the server, the user only has to visually verify that the images match.

Friday Already? Time for Golf!

Having ball control issues? This should help secure a win!

LucidLink Releases Demo Chronicling Wi-Fi Hacker Attack

To truly understand a criminal, you have to get inside his mind and think as he does. Follow his steps. See what he sees. LucidLink Wireless Security has done just that, creating a Flash demonstration that chronicles the steps hackers follow while tapping into wireless networks to gain access to confidential information. In an attempt to raise awareness about the security implications of unsecured wireless networking, LucidLink has recently added the demonstration to its website.

The demonstration takes viewers through a step-by-step explanation of a hacker's activities, explaining how war drivers find wireless networks, gather information about them, and eventually infiltrate them in order to gain access to personal identity and company confidential information. The demonstration uses screen shots captured from freely available hacker programs so that viewers can see what hackers see as they click their way closer to breaking into even secured wireless networks.

 
Copyright 2018 e2e Security. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan