Tuesday, October 31, 2006

Info Sec Search Site - 100 Resources and Counting

After some more research and digging, www.searchinfosec.com now presents results from over 100 quality security resources, from a single search box.

Sunday, October 29, 2006

Boarding Pass for one Bin Laden/Osama

A computer security student says terrorists would have no trouble getting around the government’s no-fly list, and to prove it he set up a Web site (it’s down now) that prints fake boarding passes.

The passenger name on the fake boarding pass is “Bin Laden/Osama,” although travelers can put in their own name — or a fake one — and change the flight information, too.

Christopher Soghoian, a 24-year-old doctoral student at Indiana University, said he set up the site to prove that the Transportation Security Administration isn’t taking airline security seriously.

Soghoian said terrorists on the no-fly list could use a fake boarding pass to avoid the no-fly list because IDs are only checked when the passenger passes through TSA screening. So someone could use a fake boarding pass with an ID that matches and get through the screening.

Soghoian said he built his Web site to mimic Northwest Airlines boarding passes because he had one handy after flying Northwest earlier this week. He said he has nothing against the airline.

Soghoian said the fake boarding pass couldn’t get anyone onto a flight — as long as the airline’s computers were working — because the bar code wouldn’t match the other information on the pass.

At his blog he relates the tale of FBI visits following publication of his jest and his current status.

Monday, October 23, 2006

Q&A: Why Metasploit Publishes Hacker Tools

H.D. Moore, Metasploit founder, developer, and researcher talks about why it's important to publish security exploits, his organization's relationship to the cops, and more.

Certification Top 10 Lists Revisited

This is from CertMag.com and is getting a good bit of coverage. Go and see where your certs fit and plan you next few.

Here's the winners:

Best Hands-On Programs: Certified Professional Information Technology Consultant (CPITC)
Best Supporting Materials: (ISC)2 Certified Information Systems Security Professional (CISSP)
Best Specialty Certifications: Brocade Certified SAN Designer (BCSD)
Toughest Recertification Requirements: Cisco Certifications
Best Vendor-Neutral Credentials: Building Industry Consulting Services International (BiCSi)
Most Technically Advanced Programs: (ISC)2 Certified Information Systems Security Professional (CISSP)
Best New Programs or Certs: (ISC)2 Associate Program
Best Entry-Level Certifications: Certified Wireless Network Administrator (CWNA)

Tuesday, October 17, 2006

MySpace Predator Caught by Code


Five months ago, Wired News senior editor and former hacker Kevin Poulsen whipped up 1,000 lines of computer code that scoured MySpace’s 1 million plus profiles for 385,932 registered sex offenders in 46 states.

Kevin did a praiseworthy job. His detailed article at Wired is here.

Monday, October 16, 2006

Secure Future

Ophcrack LiveCD v.1.1.3 released

A new version of the LiveCD with the latest version of ophcrack 2.3.3 as well as bkhive2.

List of Podcasts with a 'Security" Focus

Name: PaulDotCom Security Weekly
Main Subject: anything related to computer security
Format: Casual
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: mobile malware, hacking ATM machines, tool that allows for hosts to communicate over wireless without being associated, Spamhaus in trouble, Filtering IM for kids, Hacking Web 2.0 Applications with Firefox
Justification: All kinds of good stuff week after week. Highly recommended.
Rss Link: http://pauldotcom.com/podcast/psw.xml

Name: Security Now!
Main Subject: computer security and basic technology concepts
Format: Formal
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: Parallels, Virtual PC, Application Sandboxes, Blue Pill, Vista's Virgin Stack
Justification: Despite the fact that Steve Gibson is a total tool who proves repeatedly that he knows alot less than he thinks he does, the show still touches on a number of interesting subjects that are worth tuning in for.
Rss Link: http://leoville.tv/podcasts/sn.xml

Name: Binary Revolution Radio
Main Subject: hacking, phreaking, computer security
Format: Casual
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: Toorcon, IPv6, Covert Channels, Phishing, Tunneling
Justification: Less organized but offers fresh information and interesting discussion each week
Rss Link: http://www.binrev.com/radio/podcast/

Name: PLA Radio
Main Subject: Phreaking
Format: Very Casual
Approx. Updates Per Month: 1 to 2
Recent Subjects Covered: Free Phone Calls, Beige Boxing, Deaf Relay Operators (IP Relay), Social Engineering
Justification: Covers topics related to "phone hacking". While the format is a bit strange, some of the older episodes had me laughing uncontrollably and are worth a listen.
Rss Link: http://www.phonelosers.org/rss.xml

Name: Off The Hook
Main Subject: General technology, phreaking, politics
Format: Semi-formal
Approx. Updates Per Month: 4 to 5
Justification: This show, hosted by Emmanuel Goldstein, has been running since the 80's and has become somewhat legendary in the Hacking and Phreaking communities as it's been there to document the evolution of technology. Definitely worth a listen.
Rss Link: http://www.2600.com/rss.xml

Name: SploitCast
Main Subject: new vulnerabilities, exploit code, security and technology news
Format: Casual
Approx. Updates Per Month: 1 to 4
Recent Subjects Covered: Interview with Johnny Long, ping tunneling, sensitive data on stolen laptops, Zfone, high level ISP hacks, darknets
Justification: They haven't been releasing much lately, but their episodes are usually pretty interesting. I can't find any other podcasts that discuss exploit code in great detail.
Rss Link: http://sploitcast.libsyn.com/rss

Name: Blue Box: The VoIP Security Podcast
Main Subject: VoIP Security, of course
Format: Semi-casual
Approx. Updates Per Month: 3 to 6
Recent Subjects Covered: Skype security news, interviews, VoIP fraud, recent vulnerabilities
Justification: Covers some great VoIP-related security-centered information.
Rss Link: http://feeds.feedburner.com/BlueBox

Name: TWAT Radio
Main Subject: All things technology with a slight security focus
Format: Casual
Approx. Updates Per Month: 10+
Recent Subjects Covered: Newsgroup readers, Wireless attacks for dummies, Eggdrop, Wake On Lan, Network Recon, VPNs, The GIMP, Cygwin
Justification: Covers a great deal of different technology subjects
Rss Link: http://www.twatech.org/wp-feed.php

Name: Basenet Radio
Format: Casual
Approx. Updates Per Month: 2 to 4
Justification: Underground feel, great information
Rss Link: http://www.basenetradio.net/rss2.xml

Name: LugRadio
Main Subject: Linux and Open Source
Format: Casual
Approx. Updates Per Month: 0 to 2
Recent Subjects Covered: the Portland Project, trusted computing, comparison of Linux distributions, Software Freedom Day
Justification: Possibly the most popular Linux-related podcast
Rss Link: http://www.lugradio.org/episodes.rss

Name: The Linux Link Tech Show
Main Subject: The cutting-edge in Linux-based technology
Format: Casual
Approx. Updates Per Month: 4
Recent Subjects Covered: Linux Home Automation, OpenWRT, Asterisk, Debian vs Mozilla, DRM
Justification: Lots of good Linux-related information
Rss Link: http://www.thelinuxlink.net/tllts/tllts.rss

Name: StillSecure, After all these years
Main Subject: All things related to information security with a focus on a business environment
Format: Formal
Approx. Updates Per Month: 2 to 5
Recent Subjects Covered: Interview with Steve Hanna of Juniper Networks, TCG/TNC, The IETF, 3rd party patching
Justification: This podcast includes some great interviews and information centered around enterprise security
Rss Link: http://clickcaster.com/clickcast/rss/1653

Name: Symantec Security Response Podcast
Main Subject: Security updates
Format: Formal
Approx. Updates Per Month: 2 to 4
Justification: A consistent source of security updates - great for people who are charged with defending a network for a living
Rss Link: http://www.symantec.com/content/en/us/about/rss/sr/sr.xml

Name: Network Security Blog
Main Subject: Network Security…
Format: Formal
Approx. Updates Per Month:
Rss Link: http://www.mckeay.net/secure/index.xml

Saturday, October 14, 2006

How to use your PC and Webcam as a motion-detecting and recording security camera

Web site Simplehelp has a tutorial for setting up your own motion-detecting security camera - all you need is a PC, a webcam, and a free, open source program called Dorgem.

Simplehelp's instructions are very detailed, and in the end you should have a security camera that can, for example, take pictures of intruders and upload them to a remote location via FTP (just in case the computer gets stolen). Or maybe you'll just end up with a lot of pictures of your son doing things in front of your computer that you never wanted to know about. Either way (well - not so much the second way), this is pretty cool. Works on Windows 98 and up.

Saturday, October 07, 2006

Hacking the Hacker

This "Hacker" site has Kevin Mitnick's "Art of Deception" book in pdf format. Kind of seems a little ironic...

VoIP Scanning

Interesting post on VoIP scanning...
What’s seems to be happening is that someone in France (from the IP address 82.234.27.188 from all the reports I’ve seen) is trying to find insecure SIP devices. They’re doing this by trying to make a call to 0033147310370, which appears to be a Fax machine or modem of some type in France. It’s a bit silly, actually, as ‘00′ isn’t a valid International code in lots of places - here in Australia, for example, the international dial prefix is ‘0011′, and in the US it’s ‘011′, so it’s always going to return a 404 here, no matter even if I do have a misconfigured device.
Full story here.

Friday, October 06, 2006

Friday Fun - DVD Rewinder

Time to start Christmas shopping! Get yours here.
Are you ready for HD-DVD? How about Blu-Ray? The DVD Rewinder works with any format! These new technologies can't get one up on this amazing device. Get your friends, and family out of the doldrums with the best and unique gifts on the internet. We are expanding our product line with truly unique and hard to find items.

Sunday, October 01, 2006

Non-Encrypted Hall of Shame

A list of companies who did not take prudent steps to guard their personal information.

Shopping Mall Security in the year 2017

Chris Oakley’s experimental short film, “The Catalogue” is a video scenario of what a shopping mall’s security would be like with the implementation of RFID tags used for real-time surveillance.



 
Copyright 2017 e2e Security. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan