Monday, April 30, 2007
Secure Future - Coffee Drinking Health Benefits
More here.
Saturday, April 28, 2007
The Very Secure F-22
Total damage to the airplane, according to sources inside the Pentagon: $1.28 million. Not only did the firefighters ruin the canopy, which cost $286,000, they also scuffed the coating on the airplane's skin which will cost about $1 million to replace.
More here.
Friday, April 27, 2007
Friday Fun w/John T Draper (AKA Captain Crunch)
Read his stories here.
Wednesday, April 25, 2007
Uncle Sam Issues "Final" Report on Identity Theft
Top 10 Internet Crimes of 2006
Virginia’s IC3 2006 Internet Crime Report.
Tuesday, April 24, 2007
Chicago Man Exonerated; Becomes 200th Exoneree Nationwide
In 200th DNA Exoneration Nationwide, Jerry Miller in Chicago Is Proven Innocent 25 Years After Wrongful Conviction
Innocence Project launches “200 Exonerated, Too Many Wrongfully Convicted,” month-long national campaign to address and prevent wrongful convictions
(CHICAGO, IL; April 23, 2007) – With new DNA tests proving that Jerry Miller did not commit a brutal rape in Chicago for which he was convicted in 1982, the Innocence Project said today that Miller is the 200th person in the nation exonerated through DNA evidence.
In 1981, Miller was arrested and charged with kidnapping, raping and robbing a woman in downtown Chicago. He was convicted in 1982 and served 24 years in prison. Eleven months ago, he was released on parole as a registered sex offender, requiring him to wear an electronic monitoring device at all times and prohibiting him from answering his door on Halloween or leaving his job for lunch. Miller, who served more than three years in the military, was 22 years old when he was arrested and is now 48. DNA testing on semen from the rape proves that Miller did not commit the crime – and instead implicates another man as the actual perpetrator.
Silver Bullet Podcast - Episode 13
Sunday, April 22, 2007
Mail BITS
Saturday, April 21, 2007
Finding Webcams w/Google
or
intitle:”Live View / - AXIS” | inurl:view/view.shtml^
The Hole - video powered by Metacafe
Friday, April 20, 2007
Friday Fun - Lady Taser
The TASER C2 can stop a threat up to 15 feet (4.5 meters) away, allowing you to protect yourself and your family from a safe distance. You can also use the C2 as a contact stun device to repel someone - a powerful backup capability.
TASER® technology has proven itself as the safe self-defense choice with over 500,000 uses worldwide. TASER technology is supported by dozens of independent medical reports attesting to its general safety.
Get yours here.
Wednesday, April 18, 2007
FAA Advisory - Boeing 787 Hacking
On-board wired and wireless devices may also have access to parts of
the airplane's digital systems that provide flight critical functions.
These new connectivity capabilities may result in security
vulnerabilities to the airplane's critical systems. For these design
features, the applicable airworthiness regulations do not contain
adequate or appropriate safety standards for protection and security of
airplane systems and data networks against unauthorized access.
Tuesday, April 17, 2007
Last year was a hot one for UFO sightings
Chris Rutkowski says the 2006 Canadian UFO Survey recorded the third largest number of sightings in its 17-year history and shows there’s still a great deal of interest in unexplained phenomena in the sky.
Monday, April 16, 2007
cDc Launches - Cowfeed
"Based in Lubbock, Texas, CULT OF THE DEAD COW (cDc) is the most-accomplished and longest-running group in the computer underground. Founded in 1984 and widely considered to be the most elite people to ever walk the face of the earth, this think tank has been referred to as both "a bunch of sickos" (Geraldo Rivera) and "the sexiest group of computer hackers there ever was" (Jane Pratt, _Sassy_ and _Jane_ magazines). The cDc is a leading developer of Internet privacy and security tools, which are all free to the public. In addition, the cDc created the first electronic publication, which is still going strong."
Virginia Tech rampage
In my mind the only issues that should be covered at this juncture are that there has been a terrible and senseless loss of human life and that the only one at fault/to blame here - is the one who pulled the trigger...
Note: on average there are 2.4 US military fatalities every day in Iraq - 3,308 total so far. Most were the same age as or younger than the VT students.
Sunday, April 15, 2007
Rock Phish
Red Tape Chronicles
Secure Future? Are mobile phones wiping out our bees?
If it is phones, then why now?
It seems like the plot of a particularly far-fetched horror film. But some scientists suggest that our love of the mobile phone could cause massive food shortages, as the world's harvests fail.
They are putting forward the theory that radiation given off by mobile phones and other hi-tech gadgets is a possible answer to one of the more bizarre mysteries ever to happen in the natural world - the abrupt disappearance of the bees that pollinate crops. Late last week, some bee-keepers claimed that the phenomenon - which started in the US, then spread to continental Europe - was beginning to hit Britain as well.
Full story here.
Saturday, April 14, 2007
Geek Accused of Videotaping Woman in Her Shower
Their mom called Best Buy's Geek Squad for help with their computer. Now two sisters are suing Best Buy, claiming the technician who showed up secretly taped one of them in the shower.
Full story here.
Friday, April 13, 2007
Happy Friday - One From the Vault
Credit Union - Laptop Theft
"The computer was protected by two layers of security, a unique user-identifier and a multiple-character, alpha-numeric password."
Whew, that's a relief! Press release here.
The laptop was lost by a consultant from Protiviti:
"Protiviti is a leading provider of independent internal audit and business and technology risk consulting services."
Now I know where not to bank and who not to pick as my auditor...
Thursday, April 12, 2007
Wednesday, April 11, 2007
From Russia with Love
I just love Russia...
An interview with a former cyber gangster, who claims to have now joined the “white hats” and was prepared to share his experience anonymously. His first name is Victor, but his last name will be kept secret. He is 30 years old and a resident of St. Petersburg, Russia.
Tuesday, April 10, 2007
A Phishing Attack Demo Against the BOA SiteKey Authentication
From the slight paranoia blog:
Executive Summary
We present this demonstration of a "deceit-augmented man in the middle attack" against the SiteKey ® service used by Bank of America (the underlying technology is also used by other companies). This, or a similar attack, could be used by a phisher to deceive users into entering their login details to a fraudulent website. BoA's own website tells users: "[W]hen you see your SiteKey, you can be certain you're at the valid Online Banking website at Bank of America, and not a fraudulent look-alike site. Only enter your Passcode when you see the SiteKey image and image title you selected."
See the demo here.
In the News
Microsoft Defends Effort to Patch Flaw
IT execs, researchers split over pace of work on ANI fix
Hugh McArthur, director of information systems security at Online Resources Corp. in Chantilly, Va., said that in general, Microsoft’s 100-day turnaround time for patching the so-called ANI vulnerability doesn’t seem all that unusual.
It wasn’t as if the software vendor was “just sitting back and doing nothing,” McArthur said. “My take is that Microsoft was hoping they could get the fix written and tested prior to an exploit being written. In this case, they didn’t make it.”
Despite all the hoopla, the vulnerability “ultimately wasn’t a big issue” for Online Resources, McArthur said. But he added that the online bill-processing company treated the threat “very seriously” and made sure that its antivirus software was up to date and that its monitoring tools were configured to detect any exploit attempts on its systems.
Hak.5 - Episode 2×09 Release (ShmooCon)
Monday, April 09, 2007
Debian GNU/Linux 4.0 released
The Debian Project is pleased to announce the official release of Debian GNU/Linux version 4.0, codenamed etch, after 21 months of constant development. Debian GNU/Linux is a free operating system which supports a total of eleven processor architectures and includes the KDE, GNOME and Xfce desktop environments. It also features cryptographic software and compatibility with the FHS v2.3 and software developed for version 3.1 of the LSB.
Using a now fully integrated installation process, Debian GNU/Linux 4.0 comes with out-of-the-box support for encrypted partitions. This release introduces a newly developed graphical frontend to the installation system supporting scripts using composed characters and complex languages; the installation system for Debian GNU/Linux has now been translated to 58 languages.
How to get it here.
Sunday, April 08, 2007
Saturday, April 07, 2007
Friday, April 06, 2007
So prOn is Dangerous After all
Police launched a probe last week after a navy officer married to a Chinese woman was found to have taken home a computer disk containing information about the high-tech Aegis radar system, domestic media said.
Aegis is used on Japanese destroyers that are to be fitted with SM-3 missile interceptors from this year as part of the missile defence program. The officer told police he accidentally copied the confidential data onto his computer's hard disk when copying porn from a computer belonging to a crew member from another destroyer, the Yomiuri newspaper reported.
Story here.
Wednesday, April 04, 2007
Below the Hole
The no-tolerance policy fits Augusta National's image. The club fancies itself as the most tradition-bound of golf bodies, one that prohibits anything high-tech from disturbing the peace on its grounds. The scoreboards for the Masters are all manually operated. The only prominent clock at Augusta National is a sundial dedicated to Bobby Jones. Blimps are forbidden in the skies overhead. Even electric vacuum cleaners are taboo in the clubhouse.
All of this makes for great theater, as golfers, visitors, and TV viewers are transported back to a world free of Jumbotrons and Gnarls Barkley ringtones. But while the Masters brass has carefully cultivated a technology-hating image, all this Luddism is a façade. Beneath the club's manicured greenery lies an arsenal of technological wonders that keeps the course looking timeless and pristine. Indeed, take a deep enough divot at Augusta National and you'll unearth the most technologically advanced setup in golf.
The greens, for one, are state-of-the-art. Beneath each putting surface is a latticework of pipes, pressurized valves, electric motors, and radio controls.
I asked exactly what he was up to, all he would say was, "data collection." The club's PR department wouldn't elaborate.
Full story here.
From root kit to boot kit: Vista's code signing compromised
At the Black Hat Conference in Amsterdam, security experts from India demonstrated a special boot loader that gets around Vista's code signing mechanisms. Indian security experts Nitin and Vipin Kumar of NV labs have developed a program called the VBootkit that launches from a CD and boots Vista, making "on the fly" changes in memory and in files being read. In a demonstration, the "boot kit" managed to run with kernel privileges and issue system rights to a CMD shell when running on Vista RC2 (build 5744), even without a Microsoft signature.
Experts say that the fundamental problem that this highlights is that every stage in Vista's booting process works on blind faith that everything prior to it ran cleanly. The boot kit is therefore able to copy itself into the memory image even before Vista has booted and capture interrupt 13, which operating systems use for read access to sectors of hard drives, among other things.
More here.
Softer flashlights for LA cops
The new flashlight, developed specifically for the Los Angeles Police Department and expected to be acquired by police forces around the world, replaces the heavy 13-inch (33-cm) metal flashlights controversially used by city officers to strike a car theft suspect three years ago.
More here.
The 7060 LED will be available to the general public in June. More information on Pelican's 7060 is available at www.pelican7060.com.
Tuesday, April 03, 2007
Survey Shows Public Feels Safer in City Spaces Lit by LEDs
"When “LED City” Raleigh and Cree Inc. turned on new light-emitting diodes (LEDs) in the Avery C. Upchurch Government Complex’s parking garage, people’s opinions about the quality of the lighting improved threefold."
More here.
NRO: 40 Years of Reconnaissance
Forty Years of Reconnaissance. This is actually a music video about the NRO. Sample lyrics:
"And we'll be there when you call
Even Friday night's all right
We'll see and hear it all
Taking it on with all our might."
[5min, 37sec]
Sunday, April 01, 2007
KcPentrix 2.0: LiveDVD
Kcpentrix is based on SLAX 5, a Slackware live DVD.