Wednesday, December 30, 2009

The Coolest Data Center Video Tours

Here’s a look at five of the coolest video tours of major data centers, along with a list of links to 10 other worthwhile video tours.

Saturday, December 26, 2009

OWASP Testing Guide v3 and Secure Software Development

Thursday, December 24, 2009

Happy Holidays!


Friday, November 27, 2009

Instant Chewbacca

As you can never have enough Chewbacca

Some Interesting Password Data from MS

Do and don’ts for p@$$w0rd$

Here is a top 10 list with the most common user names used in automated attacks:

User names Count
Administrator 136971
Administrateur 107670
admin 8043
andrew 5570
dave 4569
steve 4569
tsinternetuser 4566
tsinternetusers 4566
paul 4276
adam 3287

And a similar list for passwords:


Passwords Count
password 1188
123456 1137
#!comment: 248
changeme 172
F**kyou (edited) 170
abc123 155
peter 154
Michael 152
andrew 151
matthew 151



Full story here.

Tuesday, November 24, 2009

From AVG - Facebook Worm - warning R-rated!

Thursday, November 19, 2009

Non-profit Organization - ISC(2) Teaches Va. Kids About Internet Safety

Monday, November 09, 2009

60 Minutes--Cyberwar: Sabotaging the system

Truth or Dare?


Watch CBS News Videos Online

Sunday, November 08, 2009

HNNCast for the Last Week of October, 2009

Job Security

Every year, Americans eat 35 million cows, 115 million pigs, and 9 billion chickens and turkeys.

- The New Yorker

Monday, October 26, 2009

HNNCast for the Third week of October 2009

Saturday, October 24, 2009

Balloon Boy Game (Friday Fun a Little Late)

heyzap.com - embed games

Friday, October 16, 2009

Social engineering for penetration testers

Sharon Conheady's BruCON talk discusses the practical aspects of a social engineering attack, providing plenty of war stories from her career as a social engineer. The key to preventing social engineering attacks from being successful lies in education and awareness. This talk will give the audience an insight into the techniques used by social engineers, whether as part of an ethical social engineering test or as a malicious social engineering attack.

Social engineering for penetration testers - Sharon Conheady - BruCON 2009 from security4all on Vimeo.

Thursday, October 15, 2009

30 years of Failure: the Username/Password combo.

Interesting new study, which is being published by the Human Factors and Ergonomics Society.

"The use of alphanumeric usernames and passwords is the
most often used (and also the cheapest) method of computer
authentication. However, unfortunately human beings are
limited in their information processing capabilities (Cowan, et
al., 2008). People either use simple passwords that are easy to
remember but easy to crack or difficult passwords which are
difficult to remember. Results of our study have shown that
there are very few people who do not deviate from the best
practices for password use."

Saturday, October 10, 2009

CNN Money - 50 Best Jobs in America

8. Computer/Network Security Consultant

Median salary (experienced): $99,700
Top pay: $152,000
Job growth (10-year forecast): 27%
Sector: Information Technology

What they do: Protect computer systems and networks against hackers, spyware, and viruses. "I consider myself a cybercrime fighter," says Gregory Evans, an independent computer security consultant in Atlanta.

Why it's great: No company or government agency can afford to have a serious breach in the security of its computer system. New technologies and an unending supply of creative hackers around the world keep the field challenging. Consultants can often work from home. And top-level pros command big paychecks.

Drawbacks: Talk about stress. If a system is infiltrated by a virus or hacker, it could mean lights out for the security consultant's career. "This is a job you can't afford to ever fail in," says Evans.

Pre-reqs: Mostly major geekdom, since the skills can be self-taught. Still, a computer science degree comes in handy. An information systems security professional certification (CISSP) is increasingly favored. Experience is key for better-paying positions: Most companies won't hire a consultant with less than five years of experience.

Story here.

Friday, October 09, 2009

Happy Meal?

Someone dressed an already dead deer in a clown outfit and wig, and dropped it for a family to see.

Saturday, October 03, 2009

Banking Trojan Infections Tripled.

Banking trojan infections almost tripled (up 186 per cent) between Q4 2008 and Q2 2009 according to APWG report.

Wednesday, September 30, 2009

Crooks, Trojans & Mules

Interesting report from finjan.

In the third issue of its Cybercrime Intelligence Report for 2009, Finjan shows how cybercrooks used a combination of Trojans and money mules to rake in hundreds of thousands of Euros and to minimize detection by the anti-fraud systems used by banks. After infection, a bank Trojan was installed on the victims’ machines and started communication with its Command & Control (C&C) server for instructions. These instructions included the amount to be stolen from specific bank accounts and to which money mule-accounts the stolen money should be transferred. The use of this Anti anti-fraud method signals a new trend in cybercrime.

Saturday, September 26, 2009

OWASP Podcast Series #41

David Rice, is an internationally recognized information security professional and an accomplished educator and visionary. For a decade he has advised, counseled, and defended global IT networks for government and private industry. David has been awarded by the U.S. Department of Defense for “significant contributions” advancing security of critical national infrastructure and global networks. Additionally, David has authored numerous IT security courses and publications, teaches for the prestigious SANS Institute, and has served as adjunct faculty at James Madison University. He is a frequent speaker at information security conferences and currently Director of The Monterey Group.

Listen

Friday, September 25, 2009

A Stick Figure Guide to the Advanced Encryption Standard (AES)

A very nice explanation of AES, even has example code with it...

Man sues BofA for "1,784 billion, trillion dollars"

More Friday Fun!

Dalton Chiscolm is unhappy about Bank of America's customer service -- really, really unhappy.

Chiscolm in August sued the largest U.S. bank and its board, demanding that "1,784 billion, trillion dollars" be deposited into his account the next day. He also demanded an additional $200,164,000, court papers show.

Reuters story here.

Friday Fun with the DataLoss database

The DataLoss folks have come with some fun ways of querying their data.

Start here.

Thursday, September 24, 2009

Couple's Lawsuit Against Bank Over Breach To Move Forward

So who is responsible the Bank/FI or the end user?

A U.S. District Court ruling in a lawsuit against a bank over a hacked online account has raised thorny questions about who's ultimately responsible for the breach of a customer's account.

An Illinois district court denied Citizens Financial Bank's request to dismiss a lawsuit that charges the bank was negligent in protecting a couple's bank account after their user name and password were stolen and used to pilfer $26,000 from their account. The ruling lets the couple, Marsha and Michael Shames-Yeakel, continue with their lawsuit, mostly based on their allegations that the bank failed to properly secure their account.

Full story here.

Tuesday, September 22, 2009

What Star Trek Predicts About The Future of Information Security


This is great and the future might be now...

Monday, September 21, 2009

ShmooCon 2010 - Registration

Important Dates and Deadlines

* November 1, 2009, Noon EDT - first round of ticket sales
* December 1, 2009, Noon EST - second round of ticket sales
* January 1, 2010, Noon EST - third and final round of ticket sales

Monday, September 14, 2009

Don't Copy That 2 (Official Sequel to Don't Copy That Floppy)

In this sequel to 1992's "Don't Copy That Floppy," MC Double Def DP continues his crusade against piracy in the digital age. Brought to you by SIIA (formerly SPA).

What do you think?

Thursday, September 10, 2009

Cyber War Gets Its Own Museum Show

The International Spy Museum in Washington plans will launch a cyber war show dubbed Weapons of Mass Disruption next month.

The show will be heavy on video interviews with folks such as Director of National Intelligence Dennis Blair; former Special Advisor to the President on Cyber Security Richard A. Clarke; Lee Hamilton, co-author of The 9/11 Commission Report; Sen. Christopher "Kit" Bond, vice chairman of the Senate Select Committee on Intelligence; and R. James Woolsey, former CIA director.

Story here.

Spy Museum

Tuesday, September 08, 2009

Vista/2008/Windows 7 SMB2 BSD 0Day

Is this not a one big "Well Duh"?

If you are not blocking 445 then... you have more problems than this one...

From SANS -

"We have received a report from Tyler that a vulnerability affecting Microsoft SMB2 can be remotely crashed with proof-of-concept code that has been published yesterday and a Metasploit module is out.

We have confirmed it affects Windows 7/Vista/Server 2008. The exploit needs no authentication, only file sharing enabled with one 1 packet to create a BSOD. We recommend filtering access to port TCP 445 with a firewall.

Windows 2000/XP are NOT affected by this exploit."

Monday, September 07, 2009

Free Book


Download Vulnerability Management for Dummies.

Friday, September 04, 2009

Have Skimmer, will Travel


Police in New Zealand have apprehended two Bulgarian nationals in Nelson overnight. The Bulgarians have been charged with carrying out data-skimming attacks on ATM machines in Nelson and Canterbury, the NZPA has reported on September 4. Reportedly, the police investigation is still ongoing, with authorities trying to determine whether the pair were successful in their scheme, and if so, to assess the damages.

More here.

Wednesday, September 02, 2009

Weaponizing the Web from DEFCON

Shawn Moyer and Nathan Hamiel spent some time last year looking at this problem as it related specifically to social networks. This year, they talk about a previously unnoticed attack vector for lots and lots of web applications with user-generated content, and releasing a handy tool to exploit it.



Shawn Moyer and Nathan Hamiel: Weaponizing the Web (DefCon 17) from Vim EeeeOOO on Vimeo.

Happy Birthday INET

September 2, 1969, ARPANET, the forerunner of INTERNET was developed when two computers at University of California, Los Angeles were connected on an experimental military network by a team at UCLA.

Wikipedia ARPANET Timeline

Sunday, August 30, 2009

Wachovia Banking Wizard - XSS - PoC

Full Disclosure

Friday, August 28, 2009

United Breaks Guitars

Song 1



Song 2

Tuesday, August 25, 2009

XSS AF

For the past five months, a website for investment services giant Ameriprise Financial contained bugs that allowed even low-level criminals to inject malicious content into official company webpages and steal user's cookies, according to Russ McRee of HolisticInfoSec.org who first identified the bugs.

Register story here.

Saturday, August 15, 2009

Amex cardholders' data stolen by employee

American Express Co. spokeswoman Susan Korchak said a "relatively small portion" of card members was involved, but declined to be more specific.

The small portion included me! I got the letter early this week. No new card, just told to keep an eye on things...

The former employee has been arrested and the company is investigating how the data was obtained, she said.

AP story here.

Sunday, August 09, 2009

Hack? What Hack?

Ex-worker accused of hacking into Mt. Airy computers using co-workers’ IDs to access computer from his residence.

A lot of things are wrong here, but not much hacking...

Leo Harry Hornbaker III, 37, of Bodle Road, a former employee at the Monroe County casino, is accused of using other employees’ user names and passwords to access the casino’s computer from his residence, according to arrest records filed by the state police Bureau of Criminal Investigations Unit.

Story here.

Wednesday, August 05, 2009

Top 10 most notable Black Hat/Defcon stories

Nice list... I would put Cloud Computing high on the list as folks seem to be jumping before they look.

Saturday, August 01, 2009

Malicious Insiders with Ties to the Internet Underground Community

From March, this report (.pdf) is the second in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab.

Credit Hackers - from DefCon w/Love

Christopher Soghoian is a fellow at Harvard’s Berkman Center. His paper highlights several approaches perfected by credit hackers.

Friday, July 31, 2009

Jackie Chan's Kaspersky Ad/Comercial - kind of cool, kind of...

Mitnick the victim?

On the eve of the Black Hat security conference, malicious hackers posted a 29,000-line file detailing embarrassing attacks that took complete control of servers and websites run by several high-profile security researchers, including Dan Kaminsky and Kevin Mitnick.

Karma?

Register story here.

Friday, July 24, 2009

Prankster Gets Verizon's CEO Private Address, Visits Him to Discuss Privacy



John Hargrave tracked down Verizon CEO's private address and cellphone number. Then he went to his home—megaphone in hand—to ask him to stop Verizon's lousy privacy policies.

One In Two Security Pros Unhappy In Their Jobs

This U?

You'd think most professionals in a hot industry like IT security would feel content and challenged technically and creatively in their jobs -- but not so much. According to the results of a new survey that will go public next week at Defcon in Las Vegas, half of security pros aren't satisfied with their current jobs, and 57 percent say their jobs are neither challenging nor fully tapping their skills.

Full story.

Thursday, July 23, 2009

Australian engulfed in flames after being Tasered

Who brought marshmallows?

A man whose relatives say had been sniffing gasoline burst into flames after a police officer Tasered him as he ran at officials carrying a container of fuel, police said Tuesday.

The man, identified by his family as 36-year-old Ronald Mitchell, was in critical condition at a Perth hospital in Western Australia state following Monday’s incident in Warburton, an aboriginal community 950 miles (1,540 kilometers) northeast of Perth.

Western Australia police said they were responding to a complaint at a house when Mitchell ran outside carrying a cigarette lighter and a large plastic bottle containing what they believe was fuel. When he refused to stop running toward them, one officer Tasered him, police said in a statement.

The man was immediately engulfed in flames. The officer threw him to the ground and smothered the blaze with his hands, the statement said. Mitchell was charged with assault to prevent arrest and possession of a sniffing substance.

More here.

Wednesday, July 22, 2009

"sudo make me a sandwich"

Tuesday, July 21, 2009

Wireshark 1.2.1 released

Mostly vulnerability and big fixes...

Official releases are available right now from the download page.

Tuesday, July 14, 2009

Is SecCon doomed?

Officials to probe color-coded terror alert system...

The Homeland Security Department will review and possibly replace the often-ridiculed multicolored terror alert system created after the Sept. 11, 2001 attacks. Since it was created in 2002, the system has been confusing and became the butt of jokes by late-night television comics.

Critics have said assigning different categories to different colors is too vague an approach to deliver enough information to be useful. And Democrats said the Bush administration used it for political manipulation.

Homeland Security Secretary Janet Napolitano appointed a task force Tuesday to determine in 60 days how effective the current system is.

More here.

Sunday, July 05, 2009

Caffeine may stop Mad Cow

"Drinking five cups of coffee a day could reverse memory problems seen in Alzheimer's disease, US scientists say."

More here.

Monday, June 22, 2009

The Security Onion LiveCD

The Security Onion LiveCD is now available! You can download it from the following location:
http://distro.ibiblio.org/pub/linux/distributions/security-onion/

What is it?
The Security Onion LiveCD is a bootable CD that contains software used for installing, configuring, and testing Intrusion Detection Systems.

What software does it contain?
The Security Onion LiveCD is based on Xubuntu 9.04 and contains Snort 2.8.4.1, Snort 3.0.0b3 (Beta), sguil, idswakeup, nmap, metasploit, scapy, hping, fragroute, fragrouter, netcat, paketto, tcpreplay, and many other security tools.

Friday, June 19, 2009

More City Fun - City asks applicants for Internet passwords

Job applicants with the City of Bozeman are finding that those private Internet discussions and pictures may not be so private after all. The city is asking job seekers for the user names — and passwords — to Internet social networking or Web groups they belong to. The decision is sparking an outcry from those who say the policy goes way too far.

Read more here.

Public Safety - City's dress code requires underwear!


If you want to work for the city of Brooksville, be sure that you use deodorant, that your clothes fit properly and that you cover up your wounds and tattoos. And, for goodness sake, wear underwear.

The Brooksville City Council approved a dress and appearance policy by a count of 4-1 this month, with only Mayor Joe Bernardini casting the dissenting vote. He questioned how the code would be interpreted and enforced.

This could be a job opportunity - undercover Underwear Inspectors!

Full story here.

Wednesday, June 17, 2009

Wireshark 1.2 Released

Wireshark 1.2.0 has been released. This is the new stable release branch of Wireshark and many new and exciting features have been added since 1.0 was released.

Universal wireless keyboard sniffer: Keykeriki


Kind of a cool thing... "This opensource hardware and software project enables every person to verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purpose only)."

Friday, June 05, 2009

Securing your assets.

A MIRACLE new smart-bra that BOOSTS a woman's cleavage when she feels sexy is being tested by lingerie designers.

The magic bra detects changes in body temperature brought on by sexual arousement and squeezes boobs together to create a bigger cleavage.

Then when things cool off again the bra's built-in memory relaxes the fabric and the wearer's bust returns to normal, say its Slovenian inventors.

“Designer Suzana Gorisek said: "As a woman's body changes, so the size of the bra changes. That's the advantage of this bra."

More here.

Thursday, June 04, 2009

ATM malware used in Russia lets attackers control machines.

Rhetorical question, but why would any sane person use Windows XP for an ATM???

"Trustwave investigators said malware used in several ATM breaches in Eastern Europe allows attackers to take over the machines and dump cash from them.

The compromised ATMs ran Microsoft's Windows XP, but Trustwave can't disclose the ATM software the malware targets, Percoco said."

Monday, June 01, 2009

(IN)SECURE magazine

DOWNLOAD ISSUE 21 here (June 2009).

Couple highlights -

* Using Wireshark to capture and analyze wireless traffic
* Q&A: Ron Gula on Nessus and Tenable Network Security
* Lots more, nice issue...

Using the DATALOSSdb info, Voltage releases data breach map

Kind of cool…

http://www.voltage.com/solutions/data-breach/

You can embed the map on a web page if you are so inclined...

Thursday, May 28, 2009

WNLA and Weaknet Labs Fundraiser

WeakNet Labs have announced a very cool fundraiser. They are offering WeakNet Linux Version 2.0 (WNLAv2) installed on a 4GB live USB drive for $25. All the profits from sales go to Hackers for Charity. More here.

Kids at work

Nice, makes all the other kids at work days look a little lame... But there is always next year! More than 40 children were shocked with stun guns on Take Our Daughters and Sons to Work Day.

During demonstrations at two prisons on April 23, children aged between five and 17 held hands in a circle and one was shocked with a stun gun, passing the shock around the circle. At another prison, children were shocked individually.

None was seriously hurt or taken to hospital, the state’s Department of Corrections said.

Monday, May 25, 2009

Memorial Day 2009

Take some time today to reflect on those who have given the ultimate sacrifice for our freedom. Share a story about someone you know who died while serving our country. We will always treasure those who serve...

Saturday, May 23, 2009

How not to secure your future...

Passer-by pushes suicide jumper in south China

BEIJING – Chen Fuchao, a man heavily in debt, had been contemplating suicide on a bridge in southern China for hours when a passer-by came up, shook his hand — and pushed him off the ledge.

Chen fell 26 feet (8 meters) onto a partially inflated emergency air cushion laid out by authorities and survived, suffering spine and elbow injuries, the official Xinhua News Agency said Saturday.

The passer-by, 66-year-old Lai Jiansheng, had been fed up with what he called Chen's "selfish activity," Xinhua said. Traffic around the Haizhu bridge in the city of Guangzhou had been backed up for five hours and police had cordoned off the area.

"I pushed him off because jumpers like Chen are very selfish. Their action violates a lot of public interest," Lai was quoted as saying by Xinhua. "They do not really dare to kill themselves. Instead, they just want to raise the relevant government authorities' attention to their appeals."

Wednesday, May 20, 2009

IT Security Podcast Links

Nice list of security related podcasts by GETMON.

Tuesday, May 19, 2009

Mandiant Highlighter 1.1.1 is out

Lots of nice enhancements.

Get it here.
 
Copyright 2017 e2e Security. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan