Sunday, December 31, 2006

Spy Numbers Stations on Shortwave Radio

Grandma give you a shortwave radio for Christmas? Have some fun with it here.

"59372 98324 19043 78903 95320...". The mechanized female voice drones on and on... What have you stumbled on to? Instructions to spies? Messages exchanged between drug dealers? Deliberate attempts at deception and mis-information?

Chances are, all of the above! What you've tuned in to is called a "Spy Numbers Station". They've been on the air for several decades, and only recently have the mysteries started to unfold. But there's still much we don't know about these mysterious stations. With the information on these pages, you'll discover the little that we do know about these stations, what we're still trying to learn, and how you too can tune in to the spies.

ShmooCon Reminder

January 1, 2006 - second round of ticket sales

Register here.

Let's Hope for a Happy New Year...

In a span of a few hours, 2,973 people were killed in the Sept. 11, 2001, terrorist attacks. In a span of 45 months, the number of American troops killed in Iraq has exceeded that grim toll...

"An eye for an eye makes the whole world blind."

- Mahatma Gandhi

Friday, December 29, 2006

Daddy get you a new car for x-mas? Lockpicking - BMW decoder tool

Here is a video showing the demonstration of a BMW lock decoder tool and software that allows you to open almost any BMW lock.

You are going to put your Call Center where?

Indian banks, government and commercial sites have seen a very large increase in defacements and phishing attacks in 2006 according the the CERT-In.

Analysis of defaced Indian websites year-2006 (till June) (ciwp-2006-02)

Wednesday, December 27, 2006

CISSP, CISA, and SSCP Open Study GROUP Online Quizzer

An updated version of a handy online quizzer engine for CISSP, CISA, SSCP, HIPAA, and SOX.

More info here.

Tuesday, December 26, 2006

On the Tuesday before Christmas...

my mom accidentally gave to me - An MP3 player full of pornography.

On Tuesday, Chanell Martin gave her 12-year-old daughter an early Christmas present as a reward for helping out weekends at the family's Lincoln Mall store.

Her daughter, a sixth-grader, was delighted with the black Microsoft Zune media player Martin purchased earlier that day at the Evergreen Park Wal-Mart.

But not for long.

Martin went to her room while her daughter plugged the device, which can play music and video, into the family's computer.

"She said, 'Mom -- what's this?' " Martin said. "When she handed (the player) to me she was looking at a gay orgy."

On the Zune's hard drive, Martin discovered, was about 6-- hours of hardcore gay pornography and a "slideshow" of another 62 pornographic images.

Full story here.

Sunday, December 24, 2006

Secure Air Space - Track Santa

For more than 50 years, NORAD and its predecessor, the Continental Air Defense Command (CONAD) have tracked Santa.

NORAD Santa tracker here.

Saturday, December 23, 2006

Tis The Season - Christmas.exe

Tis that time of the year when the malware writers out there are going to send their holiday cheer packed in an seasonally named file. This time it's Christmas.exe...

There is a good article about it over on f-secure. Check it out here.

New Year - New Look

Figured it was time for a new look... Let me know what you think...

Happy Holidays!

Friday, December 22, 2006

Friday Fun - Tour XM

Some Washington Post's folks took a tour of DC-based XM Satellite Radio's New York Avenue complex. At blog.washingtonpost.com...

Tuesday, December 19, 2006

The Silver Bullet Security Podcast

In the ninth episode of The Silver Bullet Podcast, has Gary McGraw interviewing Bruce Schneier. In this episode, they discuss the connection between physical security its technological component, the idea of risk management, the intersection of economics and security, and the ideas of “wholesale surveillance” and “security theater.” They also discuss patch Tuesday, hack Wednesday, and Microsoft’s approach to software security...

XSS Intro/Demo

XSS stands for cross site scripting (CSS) Since CSS is already taken by Cascaded Style Sheets, it is named XSS X standing for a Cross. It is a kind of hacking which allows you to deface websites, loggin as another user etc.

More info here.

Friday, December 15, 2006

WALSTIB or Friday Fun!

Hermaphroditic deer with seven legs ‘tasty’

Hey you smell something?

Chainsaw Wake up

Sunday, December 10, 2006

Question of the day

Things that make you go hmmm...
"Wonder if any of the Allbrittons (Joe, Robert, Barbie) will be going to Chile for the funeral of Augusto Pinochet???"

Getting Hacked Results In Armed Police Raid

A Denver woman who didn't have adequate security on her home computer paid the price.Serry Winkler was visited by several officers with a search warrant who demanded that she turn over her computer.They were investigating a case of computer fraud. The woman's computer was apparently infected by a bot or robot.

Watch video.

Full story here.

nmap-4.20 released

Just what I wanted for xmas! Nmap-4.20 has been released.

Get it here.

Thursday, December 07, 2006

Guardian comments on ".bank"

The Guardian newspaper has a story about why do museums have a secure, restricted .museum top-level domain but banks don't have .bank?

You would think that banks get phished via fake domains much more than museums do...

"There are no safeguards whatsoever against someone registering a domain name and using it for nefarious purposes," says Richard Martin, a business security consultant at the UK clearing bank group Apacs. Barnaby Davis, director of electronic banking for Barclays, says: "We're well past the tipping point when something needs to be done that makes it harder to register URLs or makes the consequences for misuse harsher."

Full story here.

Wednesday, December 06, 2006

The Cheapskate’s Infosecurity Toolbox

From CSOonline.com

A list of free-to-download tools for the budget-pinched CISO

BartPE: Preinstalled Environment
Troubled by that incessant spyware or virus that just doesn't seem to go away? Need a way to troubleshoot a system without booting the operating system installed on it? BartPE and the right plug-ins will let you do this. www.nu2.nu/pebuilder

Snort: Open Source Intrusion Detection System
Arguably the world's most used Intrusion Detection System. Both Windows and Linux binaries are available. www.snort.org

VMWare Server: A virtual environment
It finally happened: VMWare is available for free. Patch management, QA, vulnerability remediation testing and other daily activities are now available without a significant capital investment. VMWare also offers images of various environments, configurations and operating systems available for download (they're called "appliances") and ready to use in conjunction with the main product. Just download, point VMWare to the image and test away! www.vmware.com/products/server

DataRescue's IDA Pro Freeware 4.3 disassembler and debugger
Although not posted on the DataRescue site anymore, the free version of their utility will turn up with a quick Google dig. Try www.programmersheaven.com/

OllyDbg disassembler and debugger
Probably the world's most used debugger disassembler. Gives most commercial debuggers a good run for their money. www.ollydbg.de

eEye Digital Security's Binary Diffing Suite
A good, free suite of binary diffing tools you can use to see the effect that a released patch may have on your environment. Read the website, as there are some platform dependencies. research.eeye.com/html/tools/RT20060801-1.html

Cygwin: Linux-like environment for Windows
Need to run some scripts or programs that previously ran only under Linux? Do you miss your Linux command line when running Windows? www.cygwin.com

Nagios: An open-source host, service and network monitoring program
Not for security only, but Nagios can be used to monitor for events that typically have security implications. This is one that you and your CIO will agree upon. www.nagios.org

iptables and Firewall Builder: Firewall and Management Interface
Don't have the deep pockets for a Checkpoint, Cisco or Juniper? Iptables comes with most Linux distributions. Not comfortable using a command line to manage it? Firewall Builder is an intuitive way to install and manage the rule set. Get a couple of credit card CDs, create a bootable distribution, and you've got a firewall in your pocket. www.iptables.org and www.fwbuilder.org

Apache SpamAssassin: Fight Spam at the Gateway
Not really a secret to most people. With the right configuration this is difficult to beat no matter how much you spend on an antispam solution. spamassassin.apache.org/index.html

OpenSSH for Windows: Secure Shell for Windows
Because FTP is so passé (and insecure), use OpenSSH on the server side coupled with "PuTTY" and WinSCP on the client side for a cheap way to secure your file transfers. sshwindows.sourceforge.net, www.chiark.greenend.org.uk/~sgtatham/putty and winscp.net

Cheops-ng: "The Network Swiss Army Knife"
A tool for mapping and monitoring your network. This is an excellent free way to track down most of the systems on your network. cheops-ng.sourceforge.net/download.php

ACID (Analysis Console for Intrusion Databases):
An analysis engine to search and process security events generated by various intrusion detection systems, firewalls and network monitoring tools. acidlab.sourceforge.net

Body of missing CNET editor James Kim has been located

The saddest part of this story is that if Mr. Kim would of stayed with his car and family, he would sill be here. Certainly his heart was in the right place, but almost every survival expert will tell you - to say with your car especially in the winter, cold and snow...

Kim, 35, left his family's stranded car Saturday morning searching for help and never returned. Kim apparently traveled in an 8-mile circle and was found less than a mile, separated by a sheer cliff, from where his family's station wagon got stuck in the snow. Officers said there was no way to determine whether he was trying to return to his starting point or if he became disoriented.

"He was very motivated...he traveled a long way," Josephine County Undersheriff Brian Anderson said.

Related Links:

http://jamesandkati.com

Mom, 2 kids survive

A commercial satellite-imagery company said Tuesday it is rerouting one of its satellites to fly over the Oregon wilderness where rescue crews search for CNET editor James Kim.

How To Survive If Lost In Wilderness - CBS News

Firewall for RFIDs

A Platform for RFID Security and Privacy Administration - This paper is a must-read paper for anyone who cares about electronic privacy and who wants to catch a glimpse of the future...

ShmooCon '07 Tickets On Sale Now!

The Early Bird tickets for December are already sold out! If you want $75 tickets, ck back on Jan 1st.

To register for ShmooCon, click here.

Important Dates and Deadlines:
  • December 1, 2006 - first round of ticket sales
  • January 1, 2006 - second round of ticket sales
  • February 1, 2007 - last round of ticket sales
2007 Ticket Price Structure:
  • Early Bird Tickets - $75, Overall Qty to be sold - 300
  • Open Registration - $150, Overall Qty to be sold - 450
  • I love ShmooCon Tickets - $300, Overall Qty to be sold 50

Monday, December 04, 2006

Christmas Themed Hacker Challenge

Ed Skoudis's Christmas Themed Hacker Challenge...

"Hey, challenge fans! To close out the year, I've posted a Christmas-themed hacker challenge, this one based on the movie, A Christmas Story. You remember that one... with the Messy Marvin kid, the interesting lamp, and the Red Rider Beebee gun. In this challenge, you get to help Ralphie explore his Old Man's network, trying to retrieve a copy of his parent's Christmas gift list. But, be careful, or else you'll hack your eye out! Entries are due by December 22, when we'll award three winners a copy of my book."

Sunday, December 03, 2006

Criminals find way to disable internet

Very interesting post detailing how criminals are hijacking portions of the internet and thousands of sites. The internet hijackers are re-directing sites to one-page spam sites where they collect ad revenue by people clicking on the ads. Sometimes the internet hijackers are just doing it for minutes at a time, other times for hours.

Fun with Google

Example on how to find +55,000 résumés

A Headhunter's dream...

Saturday, December 02, 2006

Machines of Loving Grace

It always amazes me that this was written in 1963...

All Watched Over by Machines of Loving Grace,
by Richard Brautigan (1963)

I like to think
(and the sooner the better!)
of a cybernetic meadow
where mammals and computers
live together in mutually
programming harmony
like pure water
touching clear sky.

I like to think
(right now, please!)
of a cybernetic forest
filled with pines and electronics
where deer stroll peacefully
past computers
as if they were flowers
with spinning blossoms

I like to think
(it has to be!)
of a cybernetic ecology
where we are free of our labors
and joined back to nature
returned to our mammal
brothers and sisters
and all watched over
by machines of loving grace.

 
Copyright 2017 e2e Security. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan