Monday, January 29, 2007
Securing a 'Buzz' - Just what the Doctor Ordered...
Dr. Robert Bohannon wants you in his world. It's fast, upbeat, jovial and driven by caffeine -- lots of it.
But four to six cups of coffee a day aren't enough for Bohannon. And he believes others share his need for more options when it comes time to pursue that caffeine buzz.
So the molecular scientist who moonlights as a café owner developed a way to add caffeine to baked goods, one that eliminates the natural, bitter taste of caffeine.
"This gives people the opportunity if they want to have a glass of milk and want to have caffeine. It will get them going," Bohannon said.
The amount of caffeine in his creations can vary, but Bohannon can easily put 100 milligrams of caffeine -- the equivalent of a 5-ounce cup of drip-brewed coffee -- into the treats he plans to market under the "Buzz Donuts" and "Buzzed Bagels" names.
Full story here.
X-ray cameras 'see through clothes'
The Government is considering installing X-ray cameras on lampposts to spot armed terrorists and other criminals.
According to a leaked memo seen by The Sun, "detection of weapons and explosives will become easier" if the scheme drawn up by Home Office officials is adopted.
However, officials acknowledged that it would be highly controversial as the cameras can "see" through clothing.
"The social acceptability of routine intrusive detection measures and the operational response required in the event of an alarm are likely to be limiting factors," the memo warned.
"Privacy is an issue because the machines see through clothing."
Full story here.
Sunday, January 28, 2007
Kaspersky Lab releases an article about Vista and security
You can read the full version of the article, Vista vs. Viruses, on Viruslist.com.
Saturday, January 27, 2007
National Security
While you were sleeping (Bush took over the Government)
United States President stealthily took over the Federal Government last week through a new executive order that takes away all autonomy from Agencies, according to public interest organizations.
The order amends a series of previous executive orders that culminated in Executive Order No. 12,866, which the White House has used to give itself the power to review regulations before they can be officially published in the Federal Register.
Full story here:
Friday, January 26, 2007
Some "Brief" Friday Fun
The "Brief Safe" is an innovative diversion safe that can secure your cash, documents, and other small valuables from inquisitive eyes and thieving hands, both at home and when you're traveling. Items can be hidden right under their noses with these specially-designed briefs which contain a fly-accessed 4" x 10" secret compartment with Velcro closure and "special markings" on the lower rear portion. Leave the "Brief Safe" in plain view in your laundry basket or washing machine at home, or in your suitcase in a hotel room - even the most hardened burglar or most curious snoop will "skid" to a screeching halt as soon as they see them. (Wouldn't you?) Made in USA. One size. Color: white (and brown).
To add realistic smell, check out "Doo Drops".
Thursday, January 25, 2007
One Hacker Kit Accounts For 71% Of Dec Attacks
Exploit Prevention Labs launched a line of exploit detection tools -- LinkScanner Lite and LinkScanner Pro -- in November. The former is free, while the latter is priced at $19.99 for a one-year subscription.
More info here:
Tuesday, January 23, 2007
Low Tech Fix for High Tech Problem
Monday, January 22, 2007
The Silver Bullet Security Podcast
Sunday, January 21, 2007
Aircrack-ng 0.7 is Released
Aircrack-ng is the next generation of aircrack with lots of new features (planned and wanted).
Saturday, January 20, 2007
Risky Business - Greynets
A new FaceTime study reports -
2007's Biggest Risk: Employees Undermining Corporate Security
The danger of this new breed of malware is compounded by the increasingly risky behavior of today's employees, who frequently introduce consumer greynet applications onto the corporate network – most often without the sanction of their IT department. The user is squarely at the cornerstone of enterprise security concerns, according to FaceTime's Second Annual Greynets Survey (October, 2006). The survey revealed that:
- Four in ten end users (39%) believe they should be allowed to "install the applications they need on their work computers," independent of IT oversight or policy.
- Fifty-three percent of end users report they "tend to disregard" company policies that govern greynet usage, specifically IM and peer-to-peer file sharing.
- Eight in ten IT managers are at locations that have experienced greynet-related attacks within the last six months.
- The number of greynet applications installed on a typical enterprise network has increased dramatically; work locations where eight or more greynet applications are in use have doubled, growing from 20 percent of all locations in 2005 to 41 percent in 2006.
- Sixty percent of managers report that within the past six months, security attacks have been more likely to have invisible effects (like keyloggers) rather than outcomes apparent to the end user, such as a hijacked browser, making compromised PCs more difficult to detect.
Friday, January 19, 2007
Swedish bank hit by 'biggest ever' online heist
One - this wasn't an online bank heist, this was just a plain old dumb user heist.
Nordea spokesman for Sweden, Boo Ehlin, said that most of the home users affected had not been running antivirus applications on their computers.
Two - why should the bank be responsible for this? If I break into your house and steal your checkbook and/or a credit card, is the bank responsible? How is this different?
Ehlin blamed successful social engineering for the heist, rather than any deficiencies in Nordea's security procedures.
"It is more of an information, rather than a security problem," said Ehlin. "Codes are a very important thing. Our customers have been cheated into giving out the keys to our security, which they gave in good faith."
The bank has borne the brunt of the attacks and has refunded all the affected customers.
Thursday, January 18, 2007
RF Jammer
This website details the design and construction of Wave Bubble: a self-tuning, wide-bandwidth portable RF jammer. The device is lightweight and small for easy camouflaging: it is the size of a pack of cigarettes.
Lost HOPE?
HOTEL PENN THREATENED WITH DEMOLITION - HOPE CONFERENCES IN JEOPARDY
We received this disturbing news earlier in the month. Apparently the realty company that owns the Hotel Pennsylvania, site of our HOPE conferences, wants to tear down the historic hotel and replace it with a huge financial tower. Such a move could spell the end of HOPE.
The Hotel Pennsylvania was built in 1919 and has a very rich history. It has been home to many a "big band" concert in its early years and was the inspiration for the famous Glenn Miller song "PEnnsylvania 6-5000," a phone number that still rings at the Hotel Pennsylvania switchboard. The building itself, as any HOPE attendee knows, is filled with hidden corridors, rooms, and even floors. Being right across the street from Penn Station (New York's main train station), it's extremely easy to get to for those coming to New York for the first time. And because it's not an overly expensive place to stay, it's proven very popular for travelers from all over the world.
We've hosted five HOPE conferences at the Hotel Pennsylvania since 1994 and the next one is set for 2008. In preparation for this, and to discuss the fate of the hotel among other things, we are today launching a web-based forum for all things HOPE-related. You can reach this brand new forum at talk.hope.net.
Wednesday, January 17, 2007
Secure Relationship?
1 in 8 men would dump their girlfriend for an iPod
Yes, this is a fairly silly survey conducted on behalf of a company that wants you to use it to buy more gadgets. But still, the fact that one in eight men would apparently consider swapping their partner for the latest iPod, widescreen TV, home cinema system or fridge freezer is pretty shocking.
Tuesday, January 16, 2007
Verisign's ongoing Quarterly Vulnerability Challenge
Vulnerability Challenge Ground Rules:
- The vulnerability must be remotely exploitable and must allow arbitrary code execution in a default installation of one of the technologies listed above
- The vulnerability must exist in the latest version of the affected technology with all available patches/upgrades applied
- 'RC' (Release candidate), 'Beta', 'Technology Preview' and similar versions of the listed technologies are not included in this challenge
- The vulnerability must be original and not previously disclosed either publicly or to the vendor by another party
- The vulnerability cannot be caused by or require any additional third party software installed on the target system
- The vulnerability must not require additional social engineering beyond browsing a malicious site
Sunday, January 14, 2007
Security Now 74: Peter Gutmann On Vista Content Protection
Saturday, January 13, 2007
Personal Security - Dirty Hospitals
Of every 20 people who go into a U.S. hospital, one of them picks up something extra: an infection. It's a lousy card to draw. Infection stalls recovery, sometimes requiring weeks of intravenous antibiotics or a grueling round of surgeries to remove infected tissue. And for 90,000 Americans a year, the infections are a death sentence.
Full story here.
Friday, January 12, 2007
WTF or TGIF... It's Friday - Teacher found guilty of exposing kids to smut
The six-person jury Friday may have been wondering the same thing when they convicted Amero, 40, of Windham of four counts of risk of injury to a minor, or impairing the morals of a child. It took them less than two hours to decide the verdict. She faces a sentence of up to 40 years in prison.
Full story here.
Those poor kids! I imagine they will be scarred for life and their morals impaired forever...
Thursday, January 11, 2007
Secure World? Not
The surge in troops will do nothing to change the underlying dynamics that continue to drive the violence in Iraq: deep-seated religious, ethnic, and tribal divisions and hatreds; and a high and rising level of antipathy among Iraqis across the sectarian divide towards the continuing occupation of their country by Western armies...
Wednesday, January 10, 2007
Bedtime reading...
Metaeye defines itself as metamorphic security that relates to definite change in the structural components of computer security with the passage of time and to incarnate itself by providing protective and innovative solutions. The Metaeye generically sets an element of metamorphism to this present security world.
Did the NSA Fix Vista?
When Microsoft introduces its long-awaited Windows Vista operating system this month, it will have an unlikely partner to thank for making its flagship product safe and secure for millions of computer users across the world: the National Security Agency.
Full story here.
For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft's new operating system -- the brains of a computer -- to protect it from worms, Trojan horses and other insidious computer attackers.
That's Nice... Do Something That Looks Illegal, But Isn’t, Then Sue
A U.S. college student imprisoned for three weeks for trying to take flour-filled condoms onto an airplane has settled her lawsuit against Philadelphia for $180,000, a city spokesman said on Friday.
Janet Lee, 21, a student at Bryn Mawr College in Pennsylvania, was arrested at Philadelphia International Airport in 2003 after police and security officials thought the flour was an illegal drug.
She was held in Philadelphia on drug-trafficking charges and released only when tests proved the substance in the three condoms was flour.
The condoms, which are sometimes used to smuggle drugs, were a joke among the students, and Lee was taking them home to Los Angeles.
Her civil rights case against Philadelphia, which had been set to go to trial on Thursday, was settled for $180,000, said Ted Qualli, spokesman for Philadelphia Mayor John Street.
Tuesday, January 09, 2007
System/Software Inspection Tool
Feature Overview - The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
Sunday, January 07, 2007
ShadowServer
Their recent Bot numbers here.
Early Warning Bark Worse Than Bite
An Israeli firm has designed a security system to ensure jailbreakers or intruders find a guard dog's bark can indeed be worse than its bite. Harnessing technology that interprets barking -- to see if an animal is responding to a threat instead of just routinely woofing -- the company aims to replace or supplement expensive electronic surveillance systems.
"There is currently very little utilisation of the watchdog's early warning capabilities," says privately owned manufacturer Bio-Sense Technologies, based in the Israeli town of Petah Tikva, on its Web site.
Friday, January 05, 2007
Life and Death? Medical Identity Theft
When Lind Weaver opened her mailbox one day in early 2004, she was surprised to find a bill from a local hospital for the amputation of her right foot. Surprised because the 57-year-old owner of a horse farm in Palm Coast, Fla., had never had worse than an ingrown toenail.
WikiLeaks
WikiLeaks is developing an uncensorable version of WikiPedia for untraceable mass document leaking and analysis. Our primary targets are highly oppressive regimes in China, Russia, Central Eurasia, the Middle East and sub-Saharan Africa, but we also expect to be of assistance to those in the West who wish to reveal unethical behavior in their own governments and corporations.
More Friday Fun with Tasers!
Friday Fun - Police hold camel over murdering a buffalo!
Abdul Waris Ali Shah, a resident of the area, had tied up his camel he had bought for Rs 38,000 for sacrifice. Sometime later, another resident of the same area Gulfam tied his sacrificial buffalo near the camel.
In the night, the camel fell upon the buffalo, bit the latter in the chest and gave it numerous blows with its front legs and killed it.
The other day when Gulfam, reached the spot to pick up his buffalo, he found it dead and rushed to the nearby police station to lodge an FIR against Abdul Waris.
And, interestingly, the police took the camel into custody, apparently for murdering the fellow mammal!!
Thursday, January 04, 2007
Domaintools.com
Check them out here.
Wednesday, January 03, 2007
Computer Hacker Steals $150,000 from Portage County Clerk of Courts Office
"With computers today you don't have to be anywhere close to the scene to commit some serious thefts... The ability to bank electronically is a major convenience to us but a huge security risk," said Stevens Point Police Chief Jeff Morris.
The chief advises that if you have an online bank account, check it daily. Also beware of people asking for your PIN, Social Security number or other information over the Internet.
Tuesday, January 02, 2007
Detecting temperature through clock skew
Even if that computer moves location and changes ISP, it can be later identified through this clock skew. In addition to varying between computers, clock skew also changes depending on temperature. Thus a remote attacker, monitoring timestamps, can make an estimate of a computer's environment, which has wide-scale implications on security and privacy.
Monday, January 01, 2007
Secure Future - Toddler Found Playing Along Busy Highway
(12-31) 12:22 PST Indianapolis (AP) --
Drivers swerved cars and trucks into other lanes to avoid a 3-year-old boy, wearing only a diaper and T-shirt, who was playing along a busy highway after wandering away from home while his mother slept, police said.
Some motorists stopped along Interstate 465 on the city's west side Saturday to take care of the boy until officers arrived, the Indiana State Police said.
Police said they traced the toddler to an apartment at a nearby complex, where they found his mother, Nancy Dyer, asleep in a filthy apartment and his 2-year-old sister eating spaghetti off the floor.
Child Protective Services took the boy and his sister into custody, and investigators said the agency also had been called to the apartment Thursday because the boy was outside unsupervised.