Sunday, December 25, 2005

Happy Holidays

Peace on Earth....A Christmas Wish
Bing Crosby/David Bowie

Peace on Earth
Can it be?
Years from now
Perhaps we'll see.
See the day of Glory
See the day when men of Good Will
Live in Peace
Live in Peace again.

Peace on Earth
Can it be?

Every child must be made aware
Every child must be made to care
Care enough for his fellow man
To give all the love that he can.

I pray my wish will come true
For my child and your child too
He'll see the day of Glory
He'll see the day when men of good will
Live in Peace again.

Peace on Earth
Can it Be?
Can it Be?

Tuesday, December 20, 2005

Sober Worm Makes Pedophile Arrest

Generally, the word "computer virus" sends shivers down the spine of any computer user. These small, but deadly programs, obviously designed with the most malicious intentions, have done a lot of damage over the past few years. However, it seems that every now and then, viruses become…vigilantes.

The story reported by the Reuters agency seems taken out of a bad comedy. A German child porn offender has turned himself in to the Police, after receiving an e-mail, that that listed the sender as Germany's Federal Criminal Police Office (BKA), allegedly warning him that he is under investigation for visiting some illegal websites. However, no official authority had sent that e-mail. The author was none other than our “friendly” neighborhood friend, the Sober worm.

"It just goes to show that computer worms aren't always destructive," said a spokesman for police in the western city of Paderborn. "Here it helped us to uncover a crime which would otherwise probably have gone undetected."

Police charged the 20-year-old man after finding pornographic images of children on his home computer.

I think that this story proves that old proverb saying that "Every cloud has a silver lining", even if, in the case of worms and viruses, these silver linings are harder to find than a needle in a haystack...

NYC Safety Agent Dies at School

This is just sad for all kinds of reasons...

A city school safety agent died Friday 12/16 of an apparent heart attack after an unruly 12-year-old girl punched the officer during a Crown Heights school dance, police said.

Vivian Samuels, 58, was ejecting the girl about 5:30 p.m. from the dance at MS 390 at 1224 Park Place at the request of Principal Tyona Washington, police said.

As she was being escorted out, the girl struck Samuels at least twice in the face, causing the agent to fall to the ground. Two other agents had to help restrain the girl.

Maker of EnCase Forensics Software Hacked

Guidance Software had to do a forensic investigation on its own systems after a hacker broke in and accessed records, including credit card data, of thousands of customers.

The attack occurred in November, but wasn't discovered until Dec. 7, John Colbert, chief executive officer of Guidance, said in an interview Monday. The attack exposed data on thousands of the company's customers, including 3,800 whose names, addresses and credit card details were exposed, he said.

"A person compromised one of our servers," Colbert said. "This incident...highlights that intrusions can happen to anybody and nobody should be complacent about their security."

Gee you think?

Monday, December 19, 2005

Insider Threat Statistics

From Europe, although I doubt it's any different in the U.S.:
  • One in five workers (21%) let family and friends use company laptops and PCs to access the Internet.
  • More than half (51%) connect their own devices or gadgets to their work PC.
  • A quarter of these do so every day.
  • Around 60% admit to storing personal content on their work PC.
  • One in ten confessed to downloading content at work they shouldn't.
  • Two thirds (62%) admitted they have a very limited knowledge of IT Security.
  • More than half (51%) had no idea how to update the anti-virus protection on their company PC.
  • Five percent say they have accessed areas of their IT system they shouldn't have.
One caveat: the study is from McAfee, and as the article rightly notes:

Naturally McAfee has a vested interest in talking up this kind of threat....

And finally:

Based on its survey, McAfee has identified four types of employees who put their workplace at risk:
  • The Security Softie – This group comprises the vast majority of employees. They have a very limited knowledge of security and put their business at risk through using their work computer at home or letting family members surf the Internet on their work PC.
  • The Gadget Geek – Those that come to work armed with a variety of devices/gadgets, all of which get plugged into their PC.
  • The Squatter – Those who use the company IT resources in ways they shouldn't (i.e. by storing content or playing games).
  • The Saboteur – A very small minority of employees. This group will maliciously hack into areas of the IT system to which they shouldn't have access or infect the network purposely from within.
I like this list...

Thursday, December 15, 2005

Netcraft Anti-Phishing Toolbar Available for Firefox 1.5

Firefox users who haven't yet tried the Netcraft Toolbar are invited to install the latest version, which has been updated for compatibility with Firefox 1.5. Current users upgrading from Firefox 1.0.7 or earlier will need to install the newest version of the toolbar.

Analysis of Malcode - Step by Step

An interesting look at the process of dissecting a malcode sample using tools and techniques that are commonly used by forensic teams...
Overview: (Please Read)
=+=+=+=+=+=+=+=+=+=+=+=+=+
As many of you venture into a pervasive computing environment, it will not be long before
you will be faced with a situation where forensics will be needed. This is an upcoming, and
in my opinion, will be the hottest area of security. If you’re one to chase the big bucks and
you want to stay in the technology track, then this is the route for you. Otherwise, go off
and write documentation for all of the new regulations. That too is hot and returning hefty salaries.

Hey It's Not Friday! - Patriot Act II

Wednesday, December 14, 2005

Home Security - Table Converts to Club and Shield

The 'Safe Bedside Table' has a removable leg that acts as a club and a top that doubles as a shield for self-defense. This is for people who are willing to take on an intruder, providing an extra sense of security whilst in bed.

Students Find Teacher’s Porn - Students Get Suspended

Are things a little backward - down under? This is a fine Humpty Doo...
Three Northern Territory high school students have been caught allegedly accessing a pornographic screensaver on a teacher's computer.

The year seven students were suspended from attending the The St Francis of Assisi Humpty Doo school after typing in a password that brought up a screen saver of a naked woman in a pornographic pose.

The computer accessed was the personal laptop of a female teacher.

The teacher has been reprimanded by the Territory Catholic Education Office for bringing inappropriate material to school, the Northern Territory News reported.

Monday, December 12, 2005

Play Doh Fingers Fool Fingerprint Readers

$3.1 million to play with Play-Doh? Not a bad gig...

Clarkson University Associate Professor of Electrical and Computer Engineering Stephanie C. Schuckers has unmasked the weakness of most fingerpint readers by tricking them into accepting PLAY DOH fingers as real. She used "dental materials" to create a mold of a person's finger, then pressed the Play Doh into the mold. Other materials -- not to mention real-but-severed fingers -- do the trick as well. She and her team are working on improving the technology by teaching scanners to read perspiration patterns in fingers, instead of just the pattern of fingerprints.

Schuckers' biometric research is funded by the National Science Foundation (NSF), the Office of Homeland Security and the Department of Defense. She is currently assessing spoofing vulnerability in fingerprint scanners and designing methods to correct for these as part of a $3.1 million interdisciplinary research project funded through the NSF.

Sunday, December 11, 2005

Air Force Will Guard Cyberspace?

The U.S. Air Force's goals now include "fighting" in cyberspace, according to a new mission statement released this past week...
"The mission of the United States Air Force is to deliver sovereign options for the defense of the United States of America and its global interests -- to fly and fight in Air, Space, and Cyberspace."
Not all that new for them, see this document from January 25, 2005...
The Air Force is pursuing technologies that it believes could engender new operational concepts, to dominate air, space, and cyberspace. These include high performance stealthy aircraft (the F/A-22 and Joint Strike Fighter (JSF)), unmanned combat aerial vehicles (UCAVs), directed energy weapons (such as the airborne laser), miniaturized munitions, and advanced command, control, communications, computers and intelligence (C4I). The Air Force’s space-related programs are in varying states of maturity, and include space-based radars, space-based lasers, micro satellites, “next generation” missile defense, and space operations vehicles. Air Force efforts in the area of cyberspace include computer network attack, computer network defense, and information assurance activities. Both space and cyberspace capabilities are expected to become increasingly important as the Air Force and the other services leverage U.S. information technology assets in numerous warfighting applications.

Friday, December 09, 2005

eBay Pulls Bidding for MS Excel Vulnerability

Whats the retail value of a security vulnerability in Microsoft Corp's Excel spreadsheet program? At last check: $53 and counting.

An unknown security researcher chose a novel way to issue a warning for a code execution flaw in Excelposting it for sale on eBay. But the auction was pulled late Thursday after discussions between Microsoft and eBay Inc.

When the auction was squashed, the bidding had reached $53 and had attracted 19 offers.

A spokeswoman for Microsoft confirmed that the eBay listing was indeed a legitimate security flaw in Excel.

They have even assigned a CVE entry for this:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-4131

Screen shot here

More Friday Fun - The EyeBall Camera

New wireless police camera can be thrown into dangerous situations, like the girls' shower...

The EyeBall camera weighs less than a pound and is protected by a rugged rubber and polyurethane housing. That allows it to be thrown through windows or bounced off walls. When it comes to a rest, the ball stabilizes itself, then begins transmitting footage and sound up to 200 yards away.

Fridays Are For Fun! - Cop Zaps Partner over Soda Break

A police officer has been charged with using a Taser on his partner during an argument over whether they should stop for a soft drink.

Ronald Dupuis, 32, was charged Wednesday with assault and could face up to three months in jail if convicted. The six-year veteran was fired after the Nov. 3 incident.

Dupuis and partner Prema Graham began arguing after Dupuis demanded she stop their car at a store so he could buy a soft drink, according to a police report.

The two then struggled over the steering wheel, and Dupuis hit her leg with his department-issued Taser, the report said. She was not seriously hurt.

Hamtramck police union lawyer Eugene Bolanowski said he expected Dupuis to hire a private lawyer.

Hamtramck is a city of 23,000 surrounded by Detroit.

Thursday, December 08, 2005

Port Scans May Not Always Signal Attacks

University of Maryland'’s A. James Clark School of Engineering researchers have released quantitative data on how hackers break into computers. Their work could change the way system administrators secure their computer systems.

Many (don't count me) in the computer security community have assumed for years that "port scans" precede actual attempts to hack into computers (in a port scan, the hacker tries to find the availability and potential weaknesses of the computer). While some of the largest corporations and government agencies have focused on similar issues, they have not released their findings.

The Clark School researchers, in an article published earlier this year at the Institute of Electronics and Electrical Engineers (IEEE) International Conference on Dependable Systems and Networks DISNEYN Â’05), revealed that port scans precede attacks only around 5 percent of the time. More than 50 percent of attacks are not preceded by a scan of any kind. Hackers donÂ’t necessarily look before they leap.

Wednesday, December 07, 2005

Security Auditing Toolset - Ferret-1.2 Just Released

Ferret is a software tool for checking host vulnerabilities. Ferret helps system administrators by quickly finding vulnerabilities that are present on a host. Ferret is a freely available open-source software implemented in VBScript and Java.

Tuesday, December 06, 2005

How Things Work - Cisco Vulnerability

An interesting window into the hacker mentality. This guy walks step by step through the process of figuring out how to exploit a Cisco IOS HTTP Server code injection vulnerability.

The Cisco advisory here

Homeland (not) Security - 9/11 Commission Grades Progress

9/11 Commission grades the governments progress on it's recommendations - The Bush administration and US Congress are "moving at a crawl" against nimble terrorists", leaving the country vulnerable more than four years after the 2001 attacks, the former September 11 Commission has said in a scathing final report.

Sunday, December 04, 2005

Quonset Huts Yesterday and Today -- Book and Exhibition

This one is for GP - Prefab Quonset huts -- which Buckminster Fuller helped design -- were a staple of WWII logistics, a city for any climate that you could erect in a day. After the war, surplus Quonsets became ubiquitous in American architecture, being converted to houses, churches, and places of work. The Anchorage, Alaska Museum of History and Art is staging an exhibition of Quonsets past and present and has released a book to commemorate it.

Man Uses Open Wi-Fi Networks to Forge Prescriptions

A man who was addicted to pain killers was recently arrested while in line at a Kroger, because the pharmacy suspected him of bogus prescriptions. He used neighbors open Wi-Fi to download prescriptions, then he took them back to his motel room, re-wrote them, and printed them out.

Police say the scheme started with a keychain gadget known as a wi-fi finder, which scans for wireless Internet service. Once Mockensturm found a signal, detectives say would park his van in front of someone's house, steal their wireless Internet access, and download the prescription painkiller information he needed --- without them ever knowing it.

Once he returned to his motel room, detectives say Mockensturm would plug the painkiller information into his computer, then scan an actual prescription, rewrite it, and print out a bogus batch.

Police say the real prescription was for a name-brand drug. But without medical insurance, Mockensturm could only afford a cheap high-- so he went for generic painkillers.

Mockensturm got busted waiting in line at Kroger, when workers at the pharmacy smelled fraud.

Saturday, December 03, 2005

Secure Driving - Stoned Drivers Die More Often

Cannabis almost doubles the risk of fatal car crashes, according to a new study, though smoking the drug is still far less risky than drink-driving, the researchers say.

Stoned drivers were almost twice as likely to be involved in a fatal car crashes than abstemious drivers, according to a study of 10,748 fatal car crashes in France between 2001 and 2003. More than half of the drivers in the study themselves died as a result of their accidents and all the subjects were tested for drug and alcohol use after crashing.

Even after accounting for factors such as the age of the drivers and the condition of the vehicle, the researchers conclude that cannabis caused a significant number of the fatalities, with 2.5% of the crashes directly attributed to cannabis use. Alcohol was the direct cause of about 29%.

Using cannabis and alcohol together was 16 times more risky than driving with neither drug in their body.

Friday, December 02, 2005

Fridays are for Fun - Secure your Nuts!

Russian squirrel pack 'kills dog' - Squirrels have bitten to death a stray dog which was barking at them in a Russian park, local media report. Passers-by were reportedly too late to stop the attack by the black squirrels in a village in the far east, which reportedly lasted about a minute. They are said to have scampered off at the sight of humans, some carrying pieces of flesh.

Thursday, December 01, 2005

A Bunch of Bluetooth Hacks

Headphone hijacking, green plaque multi dongle discovery, link key theft... Lots of fun stuff...
 
Copyright 2017 e2e Security. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan