Friday, June 29, 2007

Courthouse security camera reveals strange apparition

Are today's surveillance cameras so remarkable that they can actually capture images of spirits walking amongst the living? Sounds like the makings of an M. Night Shyamalan thriller, but a recent report out of New Mexico gives us reason to believe in specter surveillance.



Full story here.

Tuesday, June 26, 2007

So... Is there such thing as a good virus?

USB flash drive worm spreads information about AIDS.

Sophos is reporting a worm which spreads by copying itself onto removable drives such as USB flash drives, in an attempt to spread information about AIDS and HIV.

The W32/LiarVB-A worm hunts for removable drives such as floppy disks and USB memory sticks (as well as spreading via network shares), and then creates a hidden file called autorun.inf to ensure a copy of the worm is run the next time it is connected to a Windows PC. Once it has infected a system it drops an HTML file containing a message about AIDS and HIV to the user's drive.
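The autorun.inf mechanism described above can be checked on a removable drive before its contents are trusted. The following is an added example, not code from Sophos or from this blog: the sample file contents and file names are constructed, and `parse_autorun` and `audit_drive_root` are hypothetical helper names.

```python
import os

HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN bit in st_file_attributes
LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program

def parse_autorun(text):
    """Return (key, command) pairs in the [autorun] section that run a program.

    Parsed by hand so junk or malformed lines are skipped instead of raising.
    """
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        # shell\<verb>\command registers a context-menu verb that runs a command
        shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or shell_cmd):
            findings.append((key, value))
    return findings

def audit_drive_root(root):
    """Inspect <root>/autorun.inf; return None if the drive has none."""
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return None
    path = os.path.join(root, name)
    attrs = getattr(os.stat(path), "st_file_attributes", 0)  # Windows only
    with open(path, encoding="latin-1") as fh:
        launches = parse_autorun(fh.read())
    return {"path": path, "hidden": bool(attrs & HIDDEN), "launches": launches}

# Constructed sample, not the contents of any real infected drive.
SAMPLE = "\n".join([
    "stray junk line before any section",
    "[AutoRun]",
    "Open = sample_dropper.exe",
    "icon=folder.ico",
    r"shell\explore\Command=sample_dropper.exe /e",
    "[other]",
    "open=ignored.exe",
])

if __name__ == "__main__":
    for key, command in parse_autorun(SAMPLE):
        print(f"launch entry: {key} -> {command}")
```

The `hidden` flag is only meaningful on Windows, where `os.stat` exposes file attributes. A hidden autorun.inf with launch entries on a removable drive is the combination the report describes and is worth investigating.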

Monday, June 25, 2007

11 Key - Lock Bumping Set

Forget picking, start bumping! BumpKey.US has a $35.00 package with the following lock bumping keys:

5 Pin Kwikset KW1, 6 Pin Kwikset KW10, 5 Pin Schlage SC1, 6 Pin Schlage SC4, 5 Pin Arrow AR1, 6 Pin Arrow AR4, 5 Pin Yale Y1, 5 Pin Dexter DE6, 5 Pin Weiser WR5, 4 Pin Master M1, 5 Pin Master M10

Minimal disclosure certificates: the case of SSO

Dr. Stefan Brands has some very interesting writings on minimal disclosure tokens (along with all kinds of excellent insight on digital identity management) on his blog, The Identity Corner.

Sunday, June 24, 2007

The Hacker Crackdown, Podcast, Part 001

Cory Doctorow podcasts Bruce Sterling's "The Hacker Crackdown"

Bruce Sterling's classic work highlights the 1990 assault on hackers, when law-enforcement officials successfully arrested scores of suspected illicit hackers and other computer-based law-breakers. These raids became symbolic of the debate between fighting serious computer crime and protecting civil liberties. However, The Hacker Crackdown is about far more than a series of police sting operations. It's a lively tour of three cyberspace subcultures--the hacker underworld, the realm of the cybercops, and the idealistic culture of the cybercivil libertarians.

Saturday, June 23, 2007

Inside The Mind Of A Suicide Bomber

This can't be true for children...

Suicide bombers are not mentally ill or unhinged, but acting rationally in pursuit of the 'benefits' they perceive from being part of a strict and close-knit religious enterprise, according to a University of Nottingham academic.

Research by Dr David Stevens, of the School of Politics and International Relations, suggests that the widely-held view of suicide bombers as brain-washed religious fanatics, vulnerable through youth and poverty, is not an accurate one.

Full story.

Friday, June 22, 2007

Man bursts into flames after being shot by a taser gun

Police are investigating the fiery death of a man who burst into flames after dousing himself in petrol and then being shot with a taser gun. Officers used the gun after the man had poured gasoline over himself. Juan Flores Lopez, 47, died on Tuesday at a hospital in Texas.

Story here.

Wednesday, June 20, 2007

“Hacking the Homeland: Investigating Cybersecurity Vulnerabilities at the Department of Homeland Security”

A House Homeland Security subcommittee held a hearing today into security breaches, hacking and IT security failures at the Department of Homeland Security, which totaled more than 800 incidents in two years.

Harsh words from the Committee's chair Bennie Thompson -
How can the Department of Homeland Security be a real advocate for sound cybersecurity practices without following some of its own advice? How can we expect improvements in private infrastructure cyberdefense when DHS bureaucrats aren’t fixing their own configurations? How can we ask others to invest in upgraded security technologies when the Chief Information Officer grows the Department’s IT security budget at a snail’s pace? How can we ask the private sector to better train employees and implement more consistent access controls when DHS allows employees to send classified emails over unclassified networks and contractors to attach unapproved laptops to the network?

The Silver Bullet Security Podcast

On the 15th episode of The Silver Bullet Security Podcast, Gary interviews Annie Antón, Associate Professor of Software Engineering at North Carolina State University and director of theprivacyplace.org. During their discussion, Annie and Gary focus on privacy. They start with an attempt to define what “privacy” is in the digital world, moving on to Annie’s work with The Privacy Place. Annie also discusses airlines’ pretty much pitiful privacy policies, the impact that a Google/Doubleclick deal would have on consumer privacy, crazy talk in EULAs, and the book Letters to a Young Catholic (which has nothing to do with privacy).

An Easier Way Of Finding WiFi?

WeFi was founded 18 months ago and is headquartered in Mountain View, with an R&D center in Tel Aviv, Israel.

The WeFi client replaces the Windows connection manager and finds and connects to free WiFi hotspots. The location of free hotspots is displayed on a map that also shows the location of other WeFi users. The maps are regularly updated as users discover and connect to WiFi. This is delivered without changing or modifying access points, delivering a complementary service to other WiFi sharing initiatives such as fon.

Tuesday, June 19, 2007

Computer Security Contract Awarded

So who did Uncle Sam pick to protect sensitive, unclassified data residing on government laptops?
The Office of Management and Budget, U.S. Department of Defense and U.S. General Services Administration awarded 12 contracts today for blanket purchase agreements (BPA) to protect sensitive, unclassified data residing on government laptops, other mobile computing devices and removable storage media devices. The BPA’s could result in contract values exceeding $79 million.

Awardees are MTM Technologies Inc.; Rocky Mountain Ram LLC; Carahsoft Technology Corp.; Spectrum Systems Inc.; SafeNet Inc.; Hi Tech Services Inc.; immixGroup Inc.; Autonomic Resources LLC; GTSI Corp.; GovBuys Inc.; Intelligent Decisions Inc. and Merlin International.

Products are Mobile Armor LLC’s “Data Armor”; Safeboot NV’s “Safeboot Device Encryption”; Information Security Corp.’s “Secret Agent”; SafeNet Inc.’s “SafeNet ProtectDrive”; Encryption Solutions Inc.’s “Skylock At-Rest”; Pointsec Mobile Technologies’ “Pointsec”; SPYRUS Inc.’s “Talisman/DS Data Security Suite”; WinMagic Inc.’s “SecureDoc”; CREDANT Technologies Inc.’s “CREDANTMobile Guardian” and GuardianEdge Technologies’ “GuardianEdge.”
More here.

Monday, June 18, 2007

Ohio man under house arrest since 2003

A man accused of hacking a computer and storing child pornography has spent almost four years cooped up in his parents' southwest Ohio home - by far the longest period of house arrest ever served in Hamilton County, authorities said.

Jesse Tuttle, 27, was charged in 2003 with hacking into the county's computer system and storing child pornography on his home computer. Tuttle said the charges stem from computer work he was doing as an FBI informant.

Here is the fun part...

In the last four years, Tuttle has become engaged, had a daughter with his fiance and gained 50 pounds. Hours of playing video games and watching television each day in his home near this Cincinnati suburb isn't particularly healthy, he said.

"I never really got into video games before," he said. "What else do you have to do?"

More here.

Saturday, June 16, 2007

SecurityCartoon.com

http://www.securitycartoon.com/

Thursday, June 14, 2007

VoIP Security Threats

Tuesday, June 12, 2007

Flash Back - Cliff Stoll

Clifford Stoll's role in catching hacker Markus Hess in the 1980s, while Stoll was employed at the Lawrence Berkeley National Laboratory in California, led to his authoring the book The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage (1989, ISBN 0-7434-1146-3). That book was/is a fascinating read and should be required reading for every security practitioner.

His 1995 follow-up book, Silicon Snake Oil: Second Thoughts on the Information Highway, was a much more skeptical look at technology and one that was critically reviewed by many. However, I found many of his views to be very poignant and as worth noting today as they were a decade ago...
"When I'm online, I'm alone in a room, tapping on a keyboard, staring at a cathode-ray tube. I'm ignoring anyone else in the room. The nature of being online is that I can't be with someone else. Rather than bringing me closer to others, the time that I spend online isolates me from the most important people in my life, my family, my friends, my neighborhood, my community."
He currently sells Klein bottles on the Web, is a "mostly" stay-at-home dad and teaches eighth graders about physics at Tehiyah Day School, in El Cerrito, California.

"A box of crayons and a big sheet of paper provides a more expressive medium for kids than computerized paint programs."

"Why is it drug addicts and computer aficionados are both called users?"

- Clifford Stoll, Silicon Snake Oil, 1995

Drive-by Video Peeping

Ontario Canada Privacy Commissioner Ann Cavoukian has issued a 16-page order, with an extensive set of guidelines, and a fact sheet on responsible video surveillance following her inquiry into a privacy breach involving a methadone clinic in Canada.

In the incident that occurred a couple of months ago, a video image of a woman providing a urine sample at a washroom in a methadone clinic in Sudbury, Ont. was accidentally intercepted by a backup camera in a vehicle that was driving by the clinic.

TrueCrypt - Free Open-Source Disk Encryption Software

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. The entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc.).

How to secure your USB thumbdrive - A TrueCrypt tutorial

Saturday, June 09, 2007

PowerPoint Reveals Key to Classified National Intel Budget

Terri Everett of the Office of the Director of National Intelligence gave a PowerPoint presentation which was also hosted online. Unfortunately, some data behind his pie charts revealed rather more than intended. Writer R.J. Hillhouse found that she could open the chart object and extract the numbers from within.

Full story on Dr. Hillhouse's blog.

Secure Earth - Alien 'visitor' shot at Area 51

"As the jeep approached Gate 3, the OSI agent noticed the guard was missing from the required location outside the gate house. As the jeep stopped, the OSI Agent got out of the jeep to investigate.

The OSI agent walked up to the gate to check on the guard. As the OSI agent got closer to the front door of the gate, the OSI agent noticed the interior of the gate was blood splattered. The OSI agent noticed only small pieces of human body parts were left of a human being.

The OSI agent returned to the jeep and contacted the Central Security Control (main/primary security office for the complex) and reported the findings. The Director of Security contacted his office by way of a radio phone, mounted inside the jeep. The OSI agent, armed with only an automatic pistol, walked around the area searching for a perpetrator.

The OSI agent located the "Visitor," lying down near an underground water culvert. The OSI agent challenged the Visitor, ordering the Visitor to give up. The Visitor walked away, followed by the OSI agent. At some point, the OSI agent fired his weapon at the Visitor, as a warning. The Visitor turned and pointed something at the OSI.

The OSI agent fired directly at the Visitor, hitting the Visitor directly in the chest with two rounds from the 45 caliber automatic pistol. The Visitor fell to the ground. It took about 18 minutes for additional security forces to arrive. The Visitor was placed inside a containment chamber and transported back to the S-2 facility. The Visitor recovered from the wounds."

More

Friday, June 08, 2007

Friday Fun - Stolen keys delay start of military mission

Start walking boys!
Poland's 1,200 troops assigned to NATO forces in Afghanistan will not achieve full combat readiness for up to several weeks due to stolen vehicle keys, the defense ministry said Thursday.

"We had been told a 10 percent theft rate was likely in convoys brought in from Pakistan, but we had not expected the spare car keys to go missing," defense ministry spokesman Jaroslaw Rybak told news channel TVN24.

"We shall have to send away for spares, so it may take from several days to several weeks for our contingent to become combat ready."

Full story here.

Thursday, June 07, 2007

Teacher Gets New Trial on Classroom Porn

She may have been a dolt, but she didn't deserve 40 years...
Julie Amero, left, leaves the New London, Conn., courthouse with her husband, Wes Volle, Wednesday, June 6, 2007. A judge granted a new trial Wednesday for Julie Amero, a former Norwich substitute teacher convicted of allowing students to view pornography on a classroom computer. Amero, 40, of Windham, who had no previous criminal record, faced up to 40 years in prison after she was convicted in January of exposing students to pornography on her classroom computer.

Full story.

Tuesday, June 05, 2007

“There’s a problem. It’s called Net Neutrality”

Sunday, June 03, 2007

Credit Union Don'ts

Priority One Credit Union recently sent election ballots to members. Printed on the outside of the envelope were some numbers...

Each member's account number and SSN.

Text from Letter of apology:

Important Security Message to Members

During the last week, we mailed our election ballots to members. Unfortunately, an error occurred during the distribution of this ballot, and personal information was inadvertently included above your address on the envelope. This information was not printed in a format that would be immediately recognizable, and we have no indication your personal information has been accessed or misused in any way.

We apologize for this distribution error, and deeply regret any inconvenience or concern it may cause you. Your privacy and security are our top priority, and we have taken precautionary measures to help ensure your protection.

New protocols are in place to thoroughly validate your identity before any account transaction can be made. New member authentication procedures will further ensure you are the only person who can open new accounts, apply for a loan or do business with our credit union.

We will provide, at no cost to you, a one-year membership in a credit monitoring service. Equifax will monitor your credit daily and immediately alert you if there is any unusual activity. You will soon receive a separate letter about Equifax explaining exactly how you can enroll and how the program works. If you have any questions, please call us at 626/441-1999 or 323/682-1999.

Additional operational and security enhancements will ensure this situation cannot happen again. We are committed to protecting your personal information, and will closely monitor your account for the next year. We are also happy to change your member number, upon your request.

We will take whatever steps are necessary to protect you and your confidential information, and your accounts remain safe and sound with your credit union. Please don’t hesitate to call us at 626/441-1999 or 323/682-1999 or visit your local branch if you have any questions or concerns about this issue.

In addition to the steps we are taking to protect you and your accounts, here are other security precautions you can take:

* Carefully review your accounts when you receive your statement for at least the next 12 – 24 months. You can also review your accounts online at www.priorityonecu.org. This is a good financial management practice, and an important part of keeping your financial information accurate and secure.
* Place a Security Alert on your credit bureau file. Security alerts provide added protection because they recommend creditors contact you before opening new accounts. To place a Security Alert or to obtain a copy of your credit report, please contact:
    o Experian: 1-888-397-3742 www.experian.com
    o Equifax: 1-800-525-6285 www.equifax.com
    o Transunion: 1-800-680-7289 www.transunion.com
* Contact the following resources for additional information and guidance relating to privacy and identity theft:
    o Federal Trade Commission (FTC): 1-877-IDTHEFT www.consumer.gov/idtheft
    o Social Security Administration’s Fraud Hotline: 1-800-269-0271
* Call us right away if you have any questions or concerns, or suspect any unusual activity, at 626/441-1999 or 323/682-1999.

We appreciate your continued support of Priority One Credit Union, and want you to know that “you are our first priority.”

Charles R. Wiggington, Sr. CEO/President

Friday, June 01, 2007

Michigan Man Fined for Using Coffee Shop's Wi-Fi Network

This story bugs me and personally, I think he should have fought this. I would think the EFF would have helped...
A Michigan man has been fined $400 and given 40 hours of community service for accessing an open wireless Internet connection outside a coffee shop.

Under a little known state law against computer hackers, Sam Peterson II, of Cedar Springs, Mich., faced a felony charge after cops found him on March 27 sitting in front of the Re-Union Street Café in Sparta, Mich., surfing the Web from his brand-new laptop.

"It wasn't anything we were looking for, and it wasn't anything that we frankly particularly wanted to get involved in, but it basically fell in our lap and it was a little hard to just look the other way when somebody handed it to us," said Lynn Hopkins, assistant prosecuting attorney for Kent County.

Under the statute, individuals who log on to a Wi-Fi network with the owner's permission, or who see a pop-up screen that says it's a public network, can assume they're authorized to use the network, Hopkins said.

If they don't, they could be subject to prosecution.

Peterson was given two choices: He could try to fight the felony charge and face a sentence of up to 5 years in jail or a $10,000 fine; or he could enroll in the diversion program, which would require paying a $400 fine, doing 40 hours of community service and staying on probation for six months.

Last week, Peterson chose to pay the fine instead as part of a jail-diversion program.
Full story.

Yoggie, an Israeli security vendor, has released a USB device called Pico, a Linux-based computer on a stick that provides enterprise-level security on a home laptop or desktop PC.

Per Yoggie, the Pico has:



Complete protection against

  • Viruses
  • Worms
  • Identity theft
  • Data theft
  • Phishing
  • Spyware
  • Spam
  • IP Spoofing
  • Denial of Service attacks

All-in-one Security

  • Anti Virus
  • Anti Spam
  • Anti Phishing
  • Intrusion Detection
  • Intrusion Prevention
  • Firewall (Stateful Inspection)
  • Web Filtering
  • Parental Content Control
  • Adaptive Security Policy™
  • Multi-Layer Security Agent™
  • Layer-8 Security Engine
 