Bloggers following the emergency communications flow in New Orleans report that some frequencies are being actively jammed. This post on Jacob Appelbaum's blog points to speculation that a government agency may be responsible for some of that activity.
Wednesday, September 07, 2005
He Picked the Victims From a Sheriff's Web Site
Satellite images to sex offenders, are we placing too much information for our own good on the web? In our zest to share, are we risking the safety of our workplaces and families?
Mullen told authorities he targeted at least one of the two men after checking the county sheriff's Web site July 13, according to the police statement.
Tuesday, September 06, 2005
Artists Against 419
Interesting site working to stop fake bank sites-
An international community of individuals dedicated to fighting advance fee "419" fraud through artistic means! The images on this site are loaded from fraudulent Web sites that are being used in active scams, defrauding people of their money; by visiting this site, you are costing a scammer money.
Monday, September 05, 2005
Everthing Comes in Threes - Ready for #3?
If FEMA goes three for three in its predictions — if the Big One rattles San Francisco — will we be ready?
In early 2001 the Federal Emergency Management Agency listed what it believed were the three most likely disasters to face the United States in coming years. One was a terrorist attack on New York City. The second was a hurricane-spawned flood of New Orleans.
Kind of makes you want to know what the third one is, doesn't it? The third is a major earthquake in San Francisco.
The first two have come to pass in under five years. And in both cases, the post-mortems have had two main elements: How could this have been prevented, and could it have been handled better once it occurred?
Sunday, September 04, 2005
Personal Security - Bet Your Life?
What do you think? Is life as we know it ending?
Following these remarks is a brilliant piece of reporting by the American Progress Action Fund. It makes a clear case for what we are all now suspecting and seeing: the Bush administration is horribly mismanaging relief efforts along the Gulf Coast. Several things are now becoming clear. It is unlikely that New Orleans will ever be significantly rebuilt. When we talk about collapse as a result of Peak Oil, New Orleans is an exemplary – if horrifying – glimpse of what it will look like for all of us. In the case of New Orleans, however, it’s happening about two or three times as fast as we will see it when Peak Oil becomes an unavoidable, ugly, global reality. How long? Months. If we’re lucky, a year. As of August 2005 it’s not just a race to make sure that a particular region is not eaten by warfare and economic collapse. Mother Nature is obviously very hungry too. What region will be the next to go? What sacrifices can be offered before the inevitable comes knocking at our own personal door? Who can be pushed ahead of us into the mouth of the hungry beast in the hopes it will become sated?(more)
How low can human beings sink? Keep watching the news. It’s not the first time civilizations have collapsed. This has all happened many times before. This behavior is not new. What is new — but is now dying — is our enshrined belief that there were to be no consequences of our reckless consumption and destruction of the ecosystem. What is now dying a horrible death is America’s grotesque global arrogance, brutality and cupidity.
Saturday, September 03, 2005
Gumshoe chases Internet villains in Eastern EU
A good (albeit long) article about the 'good guys' chasing the 'bad guys' all over the virtual and real worlds.
Microsoft's Enforcement Team employs 65 people world-wide, including former policemen, lawyers and paralegals. The group, which gets a seven-figure annual budget, has 25 investigators including Mr. Fifka.
Friday, September 02, 2005
Hacking in Iraq, Interview with Jake Appelbaum
This is from back in April, but I think it makes for an interesting read.
Jake Appelbaum (ioerror) talks about the satellites he was setting up in Iraq on his vacation along with all sorts of hackery. A fascinating account of why he was over there and of hacking the border, internet connections, handing out Knoppix CDs, video blogging, and some other amazing stuff...
Incredible Tales Beginning to Emerge — told by bloggers
READ THIS NOW!
The Interdictor — A Live Journal Report from a blogger in New Orleans. These stories are going to get worse. I think blogging will be here to stay after these reports start to pile up.
More photos (here)
Thursday, September 01, 2005
Wil Wheaton runs a Poker Charity Tournament for Katrina
Wil Wheaton: "I sat in my living room, and flipped between CNN and The Weather Channel. My mind struggled to process the catastrophic devastation unleashed by Katrina. Tears filled my eyes and spilled down my face as the magnitude of this disaster set in. I realized that the last time I felt this way was during the tsunami, and 9/11 before that...."I have to do something," I thought, "but what?"...read on"
Will has all the information for anyone wanting to join the tournament.
Will has all the information for anyone wanting to join the tournament.
Wednesday, August 31, 2005
Federal Data Mining an Invasion of Privacy
A new report says federal agencies using electronic data mining techniques are running afoul of Government rules to protect privacy rights. The report by congressional investigators says none of the 5 federal agencies who use data mining are following all of the rules for gathering such personal information, and as a result, there's no way to be sure that individual privacy rights are being properly protected. The Government Accountability Office says the failure to follow the rules has increased the risk that personal information could be exposed or changed, or has made it harder for people to keep track of their personal data. The agencies like the FBI and the IRS has been using data mining to track terrorists, catch criminals or prevent fraud.
We Should all Sleep Better Now...
When FBI supervisors in Miami met with new interim U.S. Attorney Alex Acosta last month, they wondered what the top enforcement priority for Acosta and Attorney General Alberto Gonzales would be.
Would it be terrorism? Organized crime? Narcotics trafficking? Immigration? Or maybe public corruption?
The agents were stunned to learn that a top prosecutorial priority of Acosta and the Department of Justice was none of the above. Instead, Acosta told them, it's obscenity. Not pornography involving children, but pornographic material featuring consenting adults.
Would it be terrorism? Organized crime? Narcotics trafficking? Immigration? Or maybe public corruption?
The agents were stunned to learn that a top prosecutorial priority of Acosta and the Department of Justice was none of the above. Instead, Acosta told them, it's obscenity. Not pornography involving children, but pornographic material featuring consenting adults.
Is it Possible to Have a Secure Disaster?
Natural disasters like Hurricane Katrina often pave the way for looting, price gouging, and other opportunistic scams -- including identity theft. Most Gulf Coast residents are still in survival mode, focused on keeping themselves, their loved ones, and their belongings out of harm's way. But as they deal with the devastation, how can they safeguard their personal information to keep identity thieves from compounding their problems?
Think about all of the data/information that is now lost and/or in the open in New Orleans. Think of all the fuss that has been made in the past over just one missing tape. How many tapes do you think are floating down Bourbon Street this AM?
How many corporate DR plans were up for the task? It is one thing to be a large company with just offices in the area, but what if your headquarters (and DR site) were in the path Katrina? Could your company operate in an area under water and Martial Law?
Think about all of the data/information that is now lost and/or in the open in New Orleans. Think of all the fuss that has been made in the past over just one missing tape. How many tapes do you think are floating down Bourbon Street this AM?
How many corporate DR plans were up for the task? It is one thing to be a large company with just offices in the area, but what if your headquarters (and DR site) were in the path Katrina? Could your company operate in an area under water and Martial Law?
New Search Engine Based on Unintended Information Revelation (UIR)
I hope there is a lot of testing, discussion and debate before something like this is deployed. False positives could be very scary...
Existing search engines process individual documents based on the number of times a key word appears in a single document, but UIR constructs a concept chain graph used to search for the best path connecting two ideas within a multitude of documents.
To develop the method, researchers used the chapters of the 9/11 Commission Report to establish concept ontologies – lists of terms of interest in the specific domains relevant to the researchers: aviation, security and anti-terrorism issues.
"A concept chain graph will show you what's common between two seemingly unconnected things," said Srihari. "With regular searches, the input is a set of key words, the search produces a ranked list of documents, any one of which could satisfy the query.
"UIR, on the other hand, is a composite query, not a keyword query. It is designed to find the best path, the best chain of associations between two or more ideas. It returns to you an evidence trail that says, 'This is how these pieces are connected.'"
The hope is to develop the core algorithms exposing veiled paths through documents generated by different individuals or organisations.
Tuesday, August 30, 2005
Chinese researcher warns of nude Web chats
Practice safe chatting - do we need condoms for web cams?
A Chinese researcher has warned of a new threat to public health and morality - naked Internet chatting. Up to 20,000 Chinese Internet users log on to chatrooms each night in which users in various states of undress talk to each other with the help of Web cams, the Shanghai Daily newspaper said Tuesday, citing China Youth Association researcher Liu Gang.
"At first, we thought if was merely a game for a few mentally abnormal people," the paper quoted Liu as saying. "But as our research continued, we found the problem was much larger than expected," Liu said.
A Chinese researcher has warned of a new threat to public health and morality - naked Internet chatting. Up to 20,000 Chinese Internet users log on to chatrooms each night in which users in various states of undress talk to each other with the help of Web cams, the Shanghai Daily newspaper said Tuesday, citing China Youth Association researcher Liu Gang.
"At first, we thought if was merely a game for a few mentally abnormal people," the paper quoted Liu as saying. "But as our research continued, we found the problem was much larger than expected," Liu said.
Needle Exchange For Hackers (not!)
Ok article, but not necessarily a good analogy. An addict turns in a dirty needle and gets a clean one – no exchange of information is required. The “hackers” aren’t turning in their tools. This is closer to a slut vs. a prostitute – one gets paid the other doesn’t and either way, everyone involved gets a little dirty...
Needle exchange programs operate on the gritty premise that junkies will shoot up regardless of risk, so you might as well give them clean needles to prevent the spread of disease. That's the same kind of logic behind programs such as iDefense's Vulnerability Contributor Program (VCP) and 3Com/TippingPoint Technologies' new Zero Day Initiative (ZDI), which pay independent researchers for newly discovered software vulnerabilities. Hackers will never stop uncovering flaws, so you might as well encourage them with cash payouts to report those vulnerabilities to a trustworthy security company. The company then shares this information with customers and affected vendors, and waits until a patch is available before publicly announcing the vulnerability. "We're doing the QA that vendors should have done before they ever put the product on the shelf," says Michael Sutton, director of iDefense Labs and the VCP. "Vendors benefit because they get advanced warning, and end users benefit because they get vulnerabilities patched."
Monday, August 29, 2005
Portable Freeware Collection
A site dedicated to the collection and cataloguing of freeware that can be extracted to any directory and run independently without prior installation. These can be carried around on a memory stick / USB flash drive, or copied / migrated from PC to PC via simple copying of files. Hence the term portable freeware...
Same Church, different pew...
The Portable Virtual Privacy Machine - Carry your entire Internet communication system on a tiny USB drive. Contains a complete virtual Linux machine with privacy-enabled Open Source Internet applications. No installation needed - just plug the drive into any Windows or Linux computer, and click on the Virtual Privacy Machine icon and you're ready to go.
Police chief- Lockerbie Evidence was Faked
Think this is the first and/or last time?
"A FORMER Scottish police chief has given lawyers a signed statement claiming that key evidence in the Lockerbie bombing trial was fabricated.
The retired officer - of assistant chief constable rank or higher - has testified that the CIA planted the tiny fragment of circuit board crucial in convicting a Libyan for the 1989 mass murder of 270 people."
"A FORMER Scottish police chief has given lawyers a signed statement claiming that key evidence in the Lockerbie bombing trial was fabricated.
The retired officer - of assistant chief constable rank or higher - has testified that the CIA planted the tiny fragment of circuit board crucial in convicting a Libyan for the 1989 mass murder of 270 people."
Sunday, August 28, 2005
Friday, August 26, 2005
Microsoft - Security at Home Videos
Microsoft has a nice collection of free online security videos for educational or training purposes for home users on how to protect against computer viruses, spyware, spam, etc.
Security Now! with Steve Gibson
A weekly look at hot topics in security from the creator of ShieldsUP and Spinrite (and TWiT regular). Released every week by midnight Thursday, just in time for your weekend podcasting...
The feed URL is: http://feeds.feedburner.com/securitynow
The feed URL is: http://feeds.feedburner.com/securitynow
Thursday, August 25, 2005
A Socio-Technical Approach to Internet Security
Interesting research grant from the NSF:
Technical security measures are often breached through social means, but little research has tackled the problem of system security in the context of the entire socio-technical system, with the interactions between the social and technical parts integrated into one model. Similar problems exist in the field of system safety, but recently a new accident model has been devised that uses a systems-theoretic approach to understand accident causation. Systems theory allows complex relationships between events and the system as a whole to be taken into account, so this new model permits an accident to be considered not simply as arising from a chain of individual component failures, but from the interactions among system components, including those that have not failed.
This exploratory research will examine how this new approach to safety can be applied to Internet security, using worms as a first example. The long-term goal is to create a general model of trustworthiness that can incorporate both safety and security, along with system modeling tools and analysis methods that can be used to create more trustworthy socio-technical systems. This research provides a unique opportunity to link two research disciplines, safety and security, that have many commonalities but, up to now, relatively little communication or interaction.
Why We Must Leave Iraq
Larry Johnson is far from being an anti-war advocate, but he is an intelligence expert and his opinions come from the many years of experience he has attained.
Tuesday, August 23, 2005
Blue Sky and Fresh Air
Via the WiFi at Rapid City SD Airport...
Where I was - http://www.spearfish.com/canyon/
Live from Deadwood
Regular stuff tomorrow...
Where I was - http://www.spearfish.com/canyon/
Live from Deadwood
Regular stuff tomorrow...
Wednesday, August 17, 2005
Believe Nothing You Read...
...and only half of what you see.
Like it or not, fake images are everywhere and have become a part of today's culture. Thanks to the popularity of digital cameras and the availability of desktop imaging software that allows users to easily manipulate images, fake images have become commonplace, especially on the Internet.
Like it or not, fake images are everywhere and have become a part of today's culture. Thanks to the popularity of digital cameras and the availability of desktop imaging software that allows users to easily manipulate images, fake images have become commonplace, especially on the Internet.
Unmanned Planes Patrolling Borders
Customs and Border Protection, a part of the Department of Homeland Security, has tested UAVs along the Mexican border, and is considering using these surveillance planes permanently. The Coast Guard, also under the umbrella of Homeland Security, has bought 45 of Bell Helicopter’s “Eagle Eye” tilt-rotor UAVs and will begin rolling them out in September.4 Each Eagle Eye costs $5.5 million.
'Home banking hacker' arrested
Self-confessed home banking hacker Pieter Miclotte has been arrested on charges of fraud. Miclotte reported to Ghent police on Friday 8/12, just hours after Belgian media quoted him saying that thieving via home banking is as easy as plundering a shop with its doors open. He told newspaper 'Het Laatste Nieuws' that he'd robbed customers of two banks, namely ING and Keytrade, via online banking. He claimed to have stolen thousands of euros in recent weeks. Miclotte said he gained access during chat sessions to the computers of other online chatters and went looking for information about their banking and bank access codes. He allegedly used those codes to transfer large sums of money to his own accounts.
Tuesday, August 16, 2005
Guard against Social Engineering Attacks
I am delighted to report the release of a marvelous device to guard against social engineering attacks: http://www.stopabductions.com/Users have reported that since wearing one, they have not once succumbed to numerous invitations to update their details at PayPal and/or a variety of banks. One user was briefly tempted to collect his winnings from a lottery he had never entered and to assist the survivors of a former West African dictator tragically killed in a plane crash in 1998 to repatriate a trunk full of money, but then he discovered the rear of the anti-social-engineering device had ridden up, temporarily exposing his amygdyla to the harmful thought rays.
It has also been reported that the device also protects against mobile phone radiation. Scientists have been unable to confirm whether a slight increase in head temperature since wearing the device is due to GSM-induced cerebral currents or reduced convective cooling.
Monday, August 15, 2005
The third issue of (IN)SECURE
A free digital security magazine published in PDF format: http://www.insecuremag.com
The covered topics are:
- Security vulnerabilities, exploits and patches
- PDA attacks: palm sized devices - PC sized threats
- Adding service signatures to Nmap
- CSO and CISO - perception vs. reality in the security kingdom
- Unified threat management: IT security's silver bullet?
- The reality of SQL injection
- 12 months of progress for the Microsoft Security Response Centre
- Interview with Michal Zalewski, security researcher
- OpenSSH for Macintosh
- Method for forensic validation of backup tapes
shmoocon 2006 - Register Today!
An annual East coast hacker convention hell-bent on offering an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, as well as open discussion of critical information security issues. ShmooCon 2006 will be January 13-15, 2006, in Washington, D.C..Pre-registration is open. $75 gets you in the door this year if you sign up by October 1st. Space is limited once again, so getting a seat early is encouraged.
a nonist public service pamphlet — Without question one of the best commentaries written about blogging you’ll ever see. Great stuff. There is a growing epidemic in the cyberworld. a scourge which causes more suffering with each passing day. as blogging has exploded and, under the stewardship of the veterans, the form has matured more and more bloggers are finding themselves disillusioned, dissatisfied, taking long breaks, and in many cases simply closing up shop. this debilitating scourge ebbs and flows but there is hardly a blogger among us who has not felt it’s dark touch. we’re speaking, of course, about blog depression.
we here at the nonist have spoken before about the “blog life crisis” which is a natural part of any blog’s life-span. what we turn our attention to now, however, is the more insidious, prolonged strain of dissatisfaction which stays with a blogger, right below the surface, throughout a blog’s lifetime.
Bored on the phone? Beware the Jerk-O-Meter
Researchers at the Massachusetts Institute of Technology are developing software for cell phones that would analyze speech patterns and voice tones to rate people -- on a scale of 0 to 100 percent -- on how engaged they are in a conversation.
Anmol Madan, who led the project while he pursued a master's degree at MIT, sees the Jerk-O-Meter as a tool for improving relationships, not ending them. Or it might assist telephone sales and marketing efforts.
"Think of a situation where you could actually prevent an argument," he said. "Just having this device can make people more attentive because they know they're being monitored."
(Item sent in by regular reader - Thanks, Dan!)
Anmol Madan, who led the project while he pursued a master's degree at MIT, sees the Jerk-O-Meter as a tool for improving relationships, not ending them. Or it might assist telephone sales and marketing efforts.
"Think of a situation where you could actually prevent an argument," he said. "Just having this device can make people more attentive because they know they're being monitored."
(Item sent in by regular reader - Thanks, Dan!)
Saturday, August 13, 2005
Secure Planet?
Fear of a Warm Planet...
Here's the kind of stuff that can keep you awake at night. It's scary because it's real.
Here's the kind of stuff that can keep you awake at night. It's scary because it's real.
Friday, August 12, 2005
Court Overturns Ruling Saying Reading Someone's Email Isn't A Wiretap
Last year, there was a big uproar over the fact that a court found that a bookseller who offered his customers free email accounts did not violate wiretapping laws by reading their emails in order to see what Amazon was offering as deals. The ruling hinged on the wording of wiretap laws. The judges in the case admitted they weren't comfortable with the decision, but the problem was in the way the law was worded. The law only applies to "intercepted" communications -- and since the messages were (temporarily) on a server, reading through them technically was not "intercepting" communications, since they already had them. It appears that a new ruling now reverses that ruling and says that it is wiretapping, and the original case can go on. While the end result may seem like a good thing, protecting the rights of individuals to keep their email private from their email providers, the decision is still questionable. The real problem here is the wiretap law that is not designed to handle this situation at all. The article above notes that the law hopefully will still be changed -- which would solve this issue. However, in the meantime, it does sound like the judges may have decided something not based on what the law actually says.
Summer read: Markoff's "What the Dormouse Said"
While there have been several histories of the personal computer, well-known technology writer John Markoff has created the first ever to spotlight the unique political and cultural forces that gave rise to this revolutionary technology. Focusing on the period of 1962 through 1975 in the San Francisco Bay Area, where a heady mix of tech industries, radicalism, and readily available drugs flourished, What the Dormouse Said tells the story of the birth of the personal computer through the people, politics, and protest that defined its unique era.Here's an excerpt:
Bill Duvall at work on one of the Augment Group's yoga workstations.
Dave Evans was one of the Augment team members who had strong ties to the counterculture, and one evening Steward Brand brought Ken Kesey by for a look at the NLS system. It was several years after the Merry Prankster era and Kesey's legal problems over a marijuana arrest, and he had become a celebrity as a result of the publication of Tom Wolfe's The Electric Kool-Aid Acid Test, in which he was the main character. He was quarreling with Hollywood movie studios over the film based on his novel Sometimes a Great Notion and was preparing to retreat to a dairy farm in Oregon.
For an hour, Evans took the system through its paces, showing the writer how it was possible to manipulate text, retrieve information, and collaborate with others. At the end of the demonstration Kesey sighed and said, "It's the next thing after acid."Thursday, August 11, 2005
MD5 Used as a Defence
A team of Chinese maths enthusiasts have thrown NSW's speed cameras system into disarray by cracking the technology used to store data about errant motorists.
The NRMA has called for a full audit of the way the state's 110 enforcement cameras are used after a motorist escaped a conviction by claiming that data was vulnerable to hackers.
A Sydney magistrate, Laurence Lawson, threw out the case because the Roads and Traffic Authority failed to find an expert to testify that its speed camera images were secure.
The motorist's defence lawyer, Denis Mirabilis, argued successfully that an algorithm known as MD5, which is used to store the time, date, place, numberplate and speed of cars caught on camera, was a discredited piece of technology.
The NRMA has called for a full audit of the way the state's 110 enforcement cameras are used after a motorist escaped a conviction by claiming that data was vulnerable to hackers.
A Sydney magistrate, Laurence Lawson, threw out the case because the Roads and Traffic Authority failed to find an expert to testify that its speed camera images were secure.
The motorist's defence lawyer, Denis Mirabilis, argued successfully that an algorithm known as MD5, which is used to store the time, date, place, numberplate and speed of cars caught on camera, was a discredited piece of technology.
Password Crackers, Encryption Tools, Penetration Tester List
A website with list of available programs, websites, and companies that specialize in security, password hacking, cracks, security publications, computer forensics and more.
Gee, the Stuff from DefCon Just Keeps Comming...
Video from the DefCon WiFI Shootout event along with some photos and topographical information.
Wednesday, August 10, 2005
And it's not even Friday: WiFi Speed Spray
This revolutionary product enhances the transfer of computer data through the air. You'll be amazed! Why spend $$$ to upgrade your network when all you need to speed things up is WiFi Speed Spray!Do you live in a polluted environment such as Los Angeles? If so, you've probably experienced the heartbreak of data transfer slow-down.
WiFi Speed Spray™ can overcome the effects of pollution, increase fidelity, and provide you with the fastest wireless data transfer possible. Compatible with ALL 802.XXx standards!
It's a scientific fact. Radio waves become sluggish under a variety of common environmental conditions. Besides air pollution, radio waves slow down in noisy environments, at night, and in "high emission" areas such as computer rooms, offices that use fluorescent lighting, and even in the kitchen (those pesky microwave ovens are to blame!).
WiFi Speed Spray™ is designed to eliminate these harsh conditions selectively. Only the radio wave path is affected. It's 100% SAFE to use, natural, no harmful toxic substances, and no side-effects. It's so safe, you can even BREATHE it in.
Hack Your Life
lifehack.org - Daily digest and pointer on productivity, getting things done and lifehacks
What if you applied the hacker mindset to your everyday life? Getting things done quicker and smarter than normal people. LifeHack is updated daily with the most recently notable articles being: the art of traveling with one bag, optimizing your bathing, note taking systems, and how to get a project up and running.
What if you applied the hacker mindset to your everyday life? Getting things done quicker and smarter than normal people. LifeHack is updated daily with the most recently notable articles being: the art of traveling with one bag, optimizing your bathing, note taking systems, and how to get a project up and running.
Too Much Security Can be Bad - Man's Testicles Locked In Padlock
According to the Portsmouth Herald, police reported that the 39-year-old man was intoxicated when they arrived at the scene on July 30 at about 3:40 a.m. The man, who was not identified, told them that he had the padlock around his testicles for two weeks.
The man said that a friend put the lock on while he was drunk and passed out. When he woke up, the friend was gone.
"Never in my 13 years have I seen anything like this," Cpl. H.D. Wood told the Herald.
The man told police that he tried to remove the lock with a hacksaw because the key had broken off in the lock.
He was taken to Exeter Hospital, where a locksmith removed the padlock. He was treated and released, and the hospital said he had no lasting injury.
Police said that they did not know the motive for the incident.
The man said that a friend put the lock on while he was drunk and passed out. When he woke up, the friend was gone.
"Never in my 13 years have I seen anything like this," Cpl. H.D. Wood told the Herald.
The man told police that he tried to remove the lock with a hacksaw because the key had broken off in the lock.
He was taken to Exeter Hospital, where a locksmith removed the padlock. He was treated and released, and the hospital said he had no lasting injury.
Police said that they did not know the motive for the incident.
One More Last Tidbit from DefCon
The Shmoo Group's DefCon 13 presentation, "Shmoo-Fu", is available as PDF HERE.
While the presentation is interesting enough (prob should of been there). The sidebar/disclaimer for Law Enforcement Agents makes for a just as interesting read...
While the presentation is interesting enough (prob should of been there). The sidebar/disclaimer for Law Enforcement Agents makes for a just as interesting read...
Tuesday, August 09, 2005
One Last DefCon Tidbit - Wireless Interception Distance Records
Don't believe wireless distance limitations. Again and again they're proven wrong.
At DefCon earlier this month, a group was able to set up an unamplified 802.11 network at a distance of 124.9 miles.
The record holders relied on more than just a pair of wireless laptops. The equipment required for the feat, according to the event website, included a "collection of homemade antennas, surplus 12 foot satellite dishes, home-welded support structures, scaffolds, ropes and computers".
Bad news for those of us who rely on physical distance to secure our wireless networks.
Even more important, the world record for communicating with a passive RFID device was set at 69 feet. (Pictures 69 here.) Remember that the next time someone tells you that it's impossible to read RFID identity cards at a distance.
Whenever you hear a manufacturer talk about a distance limitation for any wireless technology -- wireless LANs, RFID, Bluetooth, anything -- assume he's wrong. If he's not wrong today, he will be in a couple of years. Assume that someone who spends some money and effort building more sensitive technology can do much better, and that it will take less money and effort over the years. Technology always gets better; it never gets worse. If something is difficult and expensive now, it will get easier and cheaper in the future.
Monday, August 08, 2005
No Monad scripting in first Windows Vista
Just one day after the first public reports of viruses being written for an upcoming feature of Microsoft's Windows operating system, Microsoft has confirmed that it will not include theMonad Shell feature in the first generally available release of Microsoft Vista, expected in the second half of 2006.
The Monad Shell, provides a way for users to access the operating system using text-based commands rather than the traditional Windows graphical user interface. In the past, Microsoft has said that Monad will be part of "Longhorn," the code name for both the next client and server versions of Windows.
In an interview Friday, Microsoft Director of Product Management Eric Berg said Monad will not be included in the first commercial version of Windows Vista, expected in the second half of 2006. But the product is expected to be included in Windows over the next "three to five years," he said. "Our intention is to synchronize it with both client and server operating systems."
Security experts had worried that if Monad were to be included in a widely used client, it might become an attractive target for hackers, especially if the shell were to be enabled by default.
Ray was worried about this...
Saturday, August 06, 2005
London Bombing Details
Interesting details about the bombs used in the 7/7 London bombings:
The NYPD officials said investigators believe the bombers used a peroxide-based explosive called HMDT, or hexamethylene triperoxide diamine. HMDT can be made using ordinary ingredients like hydrogen peroxide (hair bleach), citric acid (a common food preservative) and heat tablets (sometimes used by the military for cooking).HMDT degrades at room temperature, so the bombers preserved it in a way that offered an early warning sign, said Michael Sheehan, deputy commissioner of counterterrorism at the nation's largest police department.
"In the flophouse where this was built in Leeds, they had commercial grade refrigerators to keep the materials cool," Sheehan said, describing the setup as "an indicator of a problem."
Among the other details cited by Sheehan:
The bombers transported the explosives in beverage coolers tucked in the backs of two cars to the outskirts of London.
Investigators believe the three bombs that exploded in the subway were detonated by cell phones that had alarms set to 8:50 a.m.
For those of you upset that the police divulged the recipe -- citric acid, hair bleach, and food heater tablets -- the details are already out there.
And here are some images of home-made explosives seized in the various raids after the bombings.
Normally this kind of information would be classified, but presumably the London (and U.S.) governments feel that the more people that know about this, the better. Anyone owning a commercial-grade refrigerator without a good reason should expect a knock on his door.
Remote-Controlled Humans
Now here is a way to secure/manage your staff...NTT has demonstrated a remote-control system for people. The researchers outfit their subject with two electrodes behind the ears that "pull" her in one direction or another. As you can see in the video accompanying a Forbes article on the technology, the subject walks (and laughs) like she's just hammered.
Friday, August 05, 2005
2005 or 1984?
Cops can dig through your trash legally, says judge...
A Montana Supreme Court justice says it's within the law for police to sift through your garbage for incriminating stuff, even without a warrant or court approval. The Supreme Court of Montana ruled last month that police could conduct a warrantless "trash dive" into the trash cans in the alley behind the home of a man named Darrell Pelvit. The cops discovered pseudoephedrine boxes -- a solvent with uses including the manufacture of methamphetamine -- and Pelvit eventually ended up in prison.
Pelvit's attorney argued that his client had a reasonable expectation of privacy in his trash, but the court rejected the argument and said the trash was, well, meant to be thrown away.
A Montana Supreme Court justice says it's within the law for police to sift through your garbage for incriminating stuff, even without a warrant or court approval. The Supreme Court of Montana ruled last month that police could conduct a warrantless "trash dive" into the trash cans in the alley behind the home of a man named Darrell Pelvit. The cops discovered pseudoephedrine boxes -- a solvent with uses including the manufacture of methamphetamine -- and Pelvit eventually ended up in prison.
Pelvit's attorney argued that his client had a reasonable expectation of privacy in his trash, but the court rejected the argument and said the trash was, well, meant to be thrown away.
What's remarkable is the concurring opinion of Montana Supreme Court Justice James C. Nelson, who reluctantly went along with his colleagues but warned that George Orwell's 1984 had arrived.
So dumpster diving is legal for everyone?
So dumpster diving is legal for everyone?
Wearable tech at Siggraph: Fridays are for Fun!
The fourth annual Cyberfashion show at SIGGRAPH took place this week in Los Angeles.Wearable Environmental Information Networks of Japan, or WIN, showed several notable designs, including Report-the-World, a get-up designed for future stealth journalists. A retro trench coat hides 10 hidden cameras for capturing 360-degree panoramic images. The front pocket holds a small computer, a ring-embedded speaker transmits location-based audio instructions, and a head-mounted display is stylishly encrusted with Swarovski crystals, like an electric tiara.
WIN also demonstrated Dog @ Watch for children. The plushy-form device for the wrist hides a GPS sensor, a cell phone for voice-dialing parents and an alarm sensor to monitor the wearer's safety.
Kirsten McCall, a 9-year-old model, acknowledged the value of safety features to "protect against bad guy kidnappers," but was more excited about other potential features. "I'd like a jacket that has a TV on the sleeve, so I can watch shows all day -- but mostly, I want clothes that do my homework for me."
Thursday, August 04, 2005
Elevator Hack: Press Two Buttons at Once and Head Straight for the Lobby
Here’s a hack that will put most elevators in a hidden “Express” mode that bypasses all the floors and sends you right to the lobby. Love it!
“The designers of some elevators include a hidden feature that is very handy if you’re in a hurry or it’s a busy time in the building (like check-out time in a hotel). While some elevators require a key, others can be put into “Express” mode by pressing the “Door Close” and “Floor” buttons at the same time. This sweeps the car to the floor of your choice and avoids stops at any other floor. This seems to work on most elevators that I have tried!
“Most elevators have the option for this to work, but on some of them the option is turned off by whoever runs them. This is a rather fun hack, so the next time you are on an elevator, give it a try, you have nothing to lose.” Source: The Damnblog.com
Elevators that have been tested and worked on:
–Otis Elevators (All But The Ones Made In 1992),
–Dover (Model Numbers: EL546 And ELOD862),
–And Most Desert Elevators(All, But Model Numbers ELD5433 And ELF3655)
Wednesday, August 03, 2005
More Lynn/Cisco Information
UK Commissioner Wants 10-years for Refusing Access to Encrypted Data
Sir Ian Blair, Commissioner of the Metropolitan Police, will this week propose a 10-year mandatory minimum sentence for anyone refusing to provide police with details of how to access encrypted information on their computers.
Dozens of computers have been seized in the UK and Italy in the wake of the recent bombings. At present, police can hold suspects for a maximum of 14 days under terrorism legislation, often insufficient time to break into whatever information their computers may contain.
'A lot of the stuff that we have on computers is encrypted, and for that reason I am interested in creating an offence of refusing to reveal an encryption key,' Blair said. 'It has to be punishable by a term of at least 10 years.'
However, the civil rights group Liberty says the proposals are 'like suggesting that the police should be able to steam open your mail after you've put it in the post box'.
Dozens of computers have been seized in the UK and Italy in the wake of the recent bombings. At present, police can hold suspects for a maximum of 14 days under terrorism legislation, often insufficient time to break into whatever information their computers may contain.
'A lot of the stuff that we have on computers is encrypted, and for that reason I am interested in creating an offence of refusing to reveal an encryption key,' Blair said. 'It has to be punishable by a term of at least 10 years.'
However, the civil rights group Liberty says the proposals are 'like suggesting that the police should be able to steam open your mail after you've put it in the post box'.
WiFi pistol shown at Defcon
Every year, smaller, more powerful processors come to market - hacker weaponry follows the same trend. Last year, the Shmoo Group and Flexilis demonstrated long-ranged WiFi and Bluetooth rifles, but this year, wireless weaponry becomes smaller, but much more powerful. The Shmoo Group, known for melding cool security gear into hardware, showed off their latest creation, a powerful 802.11 pistol, which can detect WiFi networks for miles.The WiFi pistol consists of a Compaq IPaq PDA, a Compact Flash battery sleeve, a Senao wireless card, a 9db patch antenna, a rotary attenuator, one watt amp and an external battery pack.
The electronics are mounted on a slingshot frame that has an integrated pistol grip. The PDA runs Wellreiter, which is a network detection and auditing tool similar to NetStumbler or Kismet. With everything turned up full blast, the pistol can detect networks miles away. Beetle, a member of the Shmoo Group, says that the pistol usually detects 50-60 networks instantly.
The one watt amplifier, combined with the nine db antenna and the power coming the Senao card, produce an incredible amount of radiated energy. The rotary attenuator can reduce the power feeding the antenna, to prevent power swamping of close access points. Under normal usage, Beetle says that the pistol can last eight hours straight.
Tuesday, August 02, 2005
Phrack #63 (PHRACK FINAL) e-zine released!
Looks like Phrack #63 is available for download... From the introduction.txt file:
For 20 years PHRACK magazine has been the most technical, most original,
the most Hacker magazine in the world. The last five of those years have
been under the guidance of the current editorial team. Over that time, many
new techniques, new bugs and new attacks have been published in PHRACK. We
enojoyed every single moment working on the magazine.
The time is right for new blood, and a fresh phrackstaff.
PHRACK 63 marks the end of the line for some and the start of the line for
others. Our hearts will alwasy be with PHRACK.
Expect a new release, under a new regime, sometime in 2006/2007.
As long as there is technology, there will be hackers. As long as there are
hackers, there will be PHRACK magazine. We look forward to the next 20 years.
For 20 years PHRACK magazine has been the most technical, most original,
the most Hacker magazine in the world. The last five of those years have
been under the guidance of the current editorial team. Over that time, many
new techniques, new bugs and new attacks have been published in PHRACK. We
enojoyed every single moment working on the magazine.
The time is right for new blood, and a fresh phrackstaff.
PHRACK 63 marks the end of the line for some and the start of the line for
others. Our hearts will alwasy be with PHRACK.
Expect a new release, under a new regime, sometime in 2006/2007.
As long as there is technology, there will be hackers. As long as there are
hackers, there will be PHRACK magazine. We look forward to the next 20 years.
Hacking Hotel Infrared Systems
From Wired:
A vulnerability in many hotel television infrared systems can allow a hacker to obtain guests' names and their room numbers from the billing system.It can also let someone read the e-mail of guests who use web mail through the TV, putting business travelers at risk of corporate espionage. And it can allow an intruder to add or delete charges on a hotel guest's bill or watch pornographic films and other premium content on their hotel TV without paying for it....
"No one thinks about the security risks of infrared because they think it's used for minor things like garage doors and TV remotes," Laurie said. "But infrared uses really simple codes, and they don't put any kind of authentication (in it).... If the system was designed properly, I shouldn't be able to do what I can do."
Monday, August 01, 2005
An anonymous Internet communication system
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.
Sunday, July 31, 2005
The Kegbot At DefCon 05
The annual hacker conference DefCon in Las Vegas this weekend has spawned some pretty innovative stuff, not the least of which is the Kegbot. DefCon attendee Phillip Torrone of Make Magazine writes:
One the coolest projects I’ve seen so far at DEFCON was the kegbot, a linux based keg that dispenses beer as long as you have an iButton key. The system keeps track of who you are, how much you’re drinking and in team mode- where you rank. the Kegbot crew built and deployed a kegbot on site at DEFCON, we were lucky enough to get there and document the building of it!
More pics and instructions on building your own Kegbot at the Make Magazine web site.
Saturday, July 30, 2005
Microsoft "Genuine Advantage" cracked in 24 hours
This week Microsoft stopped providing updates to non-genuine versions of its Windows XP operating system. The company has switched over to a full launch of its Windows Genuine Advantage Program as part of its ongoing anti-piracy campaign.
Users will now have to join the WGA authentication program if they want to receive software updates from the Microsoft Download Centre or from Windows Update. However, MS says it will still provide security patches for pirated systems, which will be available via Automatic Updates in Windows.
Users will now have to join the WGA authentication program if they want to receive software updates from the Microsoft Download Centre or from Windows Update. However, MS says it will still provide security patches for pirated systems, which will be available via Automatic Updates in Windows.
Well, it was good while it lasted... The protection was cracked within 24 hours...
Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:
CODE
javascript:void(window.g_sDisableWGACheck='all')
It turns off the trigger for the key check.
Gun Safety
Friday, July 29, 2005
Crap it's Friday Already!
Crap Cleaner may be a system cleaner but it has also removed browser hijacks when nothing else would. CCleaner is a freeware system optimization and privacy tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. But the best part is that it's fast (normally taking less that a second to run) and contains NO Spyware or Adware!
Cleans the following:
* Internet Explorer Cache, History, Cookies, Index.dat.
* Recycle Bin, Temporary files and Log files.
* Recently opened URLs and files.
* Third-party application temp files and recent file lists (MRUs).
Including: Firefox, Opera, Media Player, eMule, Kazaa, Google Toolbar, Netscape, Office XP, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip and more...
* Advanced Registry scanner and cleaner to remove unused and old entries.
Including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more... Backup for registry clean.
Cleans the following:
* Internet Explorer Cache, History, Cookies, Index.dat.
* Recycle Bin, Temporary files and Log files.
* Recently opened URLs and files.
* Third-party application temp files and recent file lists (MRUs).
Including: Firefox, Opera, Media Player, eMule, Kazaa, Google Toolbar, Netscape, Office XP, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip and more...
* Advanced Registry scanner and cleaner to remove unused and old entries.
Including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more... Backup for registry clean.
Thursday, July 28, 2005
Scandal at BlackHat?
Cisco Systems and ISS late Wednesday filed for an injunction against a former ISS researcher who exposed vulnerabilities in Cisco’s router operating system at the Black Hat conference at Caesars Palace, Las Vegas • July 23-28, 2005 earlier in the day.
Basically this adds a whole new twist to the router exploit field. Remote code executation via buffer overflow. That in general has not existed in the cisco world because no one had developed it. In the past most router vulnerabilities were denial of service vulnerabilities. See this CRN article for additional details on this event.
Also this year's Black Hat presentations are now online...Basically this adds a whole new twist to the router exploit field. Remote code executation via buffer overflow. That in general has not existed in the cisco world because no one had developed it. In the past most router vulnerabilities were denial of service vulnerabilities. See this CRN article for additional details on this event.
Wednesday, July 27, 2005
Border Security (Border XXX-ings)
Many of us here in the good old USA have gotten into the habit of thinking of Canada as our smarter cousin to the north: a society open to gay marriage, more relaxed attitudes towards (less harmful than alcohol) recreational drugs, health care that covers more people for less cost, etc. So when we find out that Canada can be a big old arrogant dolt like us, it's more shocking than it might otherwise be...
This week, The Smoking Gun got their hands on the "Admissible and Prohibited Titles" list from Canada's Border Patrol -- and, for some of us, (like one gp) it reads almost like a shopping list. (The document officially covers "obscenity, hate speech, and child pornography," but the only material listed is in the "obscenity" category.)
This week, The Smoking Gun got their hands on the "Admissible and Prohibited Titles" list from Canada's Border Patrol -- and, for some of us, (like one gp) it reads almost like a shopping list. (The document officially covers "obscenity, hate speech, and child pornography," but the only material listed is in the "obscenity" category.)
DefConTime
You still have time to head out- DefCon 13 will be held at the Alexis Park in Las Vegas, Nevada, July 29-31.
The folks at SANS have some Con-fu - good tips for protecting your system if you do go (or anytime for that matter).
Get there early and head over to the pre-DefCon Summit! TheSummit is a fund raiser for the EFF, a nonprofit group of passionate people - lawyers, technologists, volunteers, and visionaries - working to protect your digital rights.
The folks at SANS have some Con-fu - good tips for protecting your system if you do go (or anytime for that matter).
Get there early and head over to the pre-DefCon Summit! TheSummit is a fund raiser for the EFF, a nonprofit group of passionate people - lawyers, technologists, volunteers, and visionaries - working to protect your digital rights.
Woman Accused of Groping Airport Screener
Things that make you go hmmm...
A 62-year-old woman who was upset about being searched at an airport shoved a security screener and then grabbed her breasts, federal prosecutors said. The woman said she reacted in self-defense to "an absolute invasion of my body."
Dintenfass denied that she shoved Gostisha, but admitted putting her hands on the agent's breasts.
"I was mortified that I had done that," she said. "I was reacting to what felt like an absolute invasion of my body."
A 62-year-old woman who was upset about being searched at an airport shoved a security screener and then grabbed her breasts, federal prosecutors said. The woman said she reacted in self-defense to "an absolute invasion of my body."
Dintenfass denied that she shoved Gostisha, but admitted putting her hands on the agent's breasts.
"I was mortified that I had done that," she said. "I was reacting to what felt like an absolute invasion of my body."
Tuesday, July 26, 2005
WiFi Cantennas now “illegal”
What is disturbing about this article are comments like:
Known as "cantennas," they consist of a Pringles can and some hardware worth $5 to $10 but can be used to amplify a wireless signal several miles away.
"They're unsophisticated but reliable, and it's illegal to possess them," said Lozito of the Hi-Tech Crimes Task Force.
also...
It's also illegal to access wireless networks that aren't public. In other words, if you've ever been pleasantly surprised to open your laptop, pull up your browser and have Internet access, that likely means you've just intruded into someone else's unsecured network‚— and really aren't allowed to be there.
How do articles like this get published?
For a more intelligent view- CNet's News.com has one of its excellent FAQ pieces on whether it's legal to mooch WiFi. The bottom line: Uh, we dunno.
Known as "cantennas," they consist of a Pringles can and some hardware worth $5 to $10 but can be used to amplify a wireless signal several miles away.
"They're unsophisticated but reliable, and it's illegal to possess them," said Lozito of the Hi-Tech Crimes Task Force.
also...
It's also illegal to access wireless networks that aren't public. In other words, if you've ever been pleasantly surprised to open your laptop, pull up your browser and have Internet access, that likely means you've just intruded into someone else's unsecured network‚— and really aren't allowed to be there.
How do articles like this get published?
For a more intelligent view- CNet's News.com has one of its excellent FAQ pieces on whether it's legal to mooch WiFi. The bottom line: Uh, we dunno.
Monday, July 25, 2005
Russia’s Biggest Spammer Brutally Murdered in Apartment
Who said SPAM wasn't dangerous...
Vardan Kushnir, notorious for sending spam to each and every citizen of Russia who appeared to have an e-mail, was found dead in his Moscow apartment on Sunday, Interfax reported Monday. He died after suffering repeated blows to the head.
Currently the entire Russian population is being considered a suspect. ;)
Vardan Kushnir, notorious for sending spam to each and every citizen of Russia who appeared to have an e-mail, was found dead in his Moscow apartment on Sunday, Interfax reported Monday. He died after suffering repeated blows to the head.
Currently the entire Russian population is being considered a suspect. ;)
Build Your Own Wardriving Box
Our friends at wardriving.ch did an amazing job in building an embedded PC based wardriving box. See the full article for instructions on where to get the materials and how to build the software distribution.
Saturday, July 23, 2005
Congress Report: TSA Broke Privacy Laws
The Transportation Security Administration violated privacy protections by secretly collecting personal information on at least 250,000 people, congressional investigators said Friday.
The Government Accountability Office sent a letter to Congress saying the collection violated the Privacy Act, which prohibits the government from compiling information on people without their knowledge.
From the article: The GAO letter said that the TSA also said originally that it wouldn't use and store commercial data about airline passengers. It not only did that, it collected and stored information about the people with similar names.
"As a result, an unknown number of individuals whose personal information was collected were not notified as to how they might access or amend their personal data," the letter said.
It was only after meeting with the GAO, which is overseeing the program, that the TSA published a second notice indicating that it would do the things it had earlier said it wouldn't do.
Oberman said it's not unusual to revise such notices.
"We are conducting a test," he said. "I didn't know what the permutations would be."
Oberman also said that the test has no impact on anyone who travels and that the data will be destroyed when the test is over.
Anybody want to guess when the test will be over?
The Government Accountability Office sent a letter to Congress saying the collection violated the Privacy Act, which prohibits the government from compiling information on people without their knowledge.
From the article: The GAO letter said that the TSA also said originally that it wouldn't use and store commercial data about airline passengers. It not only did that, it collected and stored information about the people with similar names.
"As a result, an unknown number of individuals whose personal information was collected were not notified as to how they might access or amend their personal data," the letter said.
It was only after meeting with the GAO, which is overseeing the program, that the TSA published a second notice indicating that it would do the things it had earlier said it wouldn't do.
Oberman said it's not unusual to revise such notices.
"We are conducting a test," he said. "I didn't know what the permutations would be."
Oberman also said that the test has no impact on anyone who travels and that the data will be destroyed when the test is over.
Anybody want to guess when the test will be over?
Friday, July 22, 2005
It's Friday.... Time for the Straight Poop
Big Brother? The rest of the family is lurking online
A lesson for London? Drop a bomb on the subway in Korea and they nab you quick!
If you no longer marvel at the Internet's power to connect and transform the world, you need to hear the story of a woman known to many around the globe as, loosely translated, Dog Poop Girl.
Recently, the woman was on the subway in her native South Korea when her dog decided that this was a good place to do its business.
The woman made no move to clean up the mess, and several fellow travelers got agitated. The woman allegedly grew belligerent in response.
What happened next was a remarkable show of Internet force, and a peek into an unsettling corner of the future.
One of the train riders took pictures of the incident with a camera phone and posted them on a popular Web site. Net dwellers soon began to call her by the unflattering nickname, and issued a call to arms for more information about her.
According to one blog that has covered the story, "within days, her identity and her past were revealed. Requests for information about her parents and relatives started popping up, and people started to recognize her by the dog and the bag she was carrying," because her face was partially obscured by her hair.
Online discussion groups crackled with chatter about every shred of the woman's life that could be found, and with debate over whether the Internet mob had gone too far. The incident became national news in South Korea and even was discussed in Sunday sermons in Korean churches in the Washington area.
Humiliated in public and indelibly marked, the woman reportedly quit her university.
A lesson for London? Drop a bomb on the subway in Korea and they nab you quick!
If you no longer marvel at the Internet's power to connect and transform the world, you need to hear the story of a woman known to many around the globe as, loosely translated, Dog Poop Girl.
Recently, the woman was on the subway in her native South Korea when her dog decided that this was a good place to do its business.
The woman made no move to clean up the mess, and several fellow travelers got agitated. The woman allegedly grew belligerent in response.
What happened next was a remarkable show of Internet force, and a peek into an unsettling corner of the future.
One of the train riders took pictures of the incident with a camera phone and posted them on a popular Web site. Net dwellers soon began to call her by the unflattering nickname, and issued a call to arms for more information about her.
According to one blog that has covered the story, "within days, her identity and her past were revealed. Requests for information about her parents and relatives started popping up, and people started to recognize her by the dog and the bag she was carrying," because her face was partially obscured by her hair.
Online discussion groups crackled with chatter about every shred of the woman's life that could be found, and with debate over whether the Internet mob had gone too far. The incident became national news in South Korea and even was discussed in Sunday sermons in Korean churches in the Washington area.
Humiliated in public and indelibly marked, the woman reportedly quit her university.
Thursday, July 21, 2005
Japanese Bank Hypes ATM “Slot Machine”
A Japanese bank is offering automatic tellers with a built-in slot machine to jazz up the “boring” experience of withdrawing money from a hole in the wall. Customers who get the words “Super Gold” three times in a line will win about £5, but can only collect the winnings from inside the bank during working hours.
Judging its customers to be financially astute, the bank will inform cash-machine users what odds are on offer. The chances of having a transaction fee waived are about 1 in 10, and the odds of hitting the 1,000 yen jackpot are 1 in 500.
Since the adoption rate for Online Banking has historically mirrored that of ATMs.... Can games at your favorite online banking site be far behind?
Judging its customers to be financially astute, the bank will inform cash-machine users what odds are on offer. The chances of having a transaction fee waived are about 1 in 10, and the odds of hitting the 1,000 yen jackpot are 1 in 500.
Since the adoption rate for Online Banking has historically mirrored that of ATMs.... Can games at your favorite online banking site be far behind?
So Long Mr. Scott
James Doohan led a varied and eventful life. So much so that his biography "Beam Me Up Scotty!" is a very interesting read. Did you know that Scottys' middle name Montgomery actually comes from Jimmy Doohans' grandfather, a Scottish sea captain by the name of James Montgomery - Jimmy would also seem to have taken after him in that his mother was born when his grandfather was over seventy! Jimmy and his wife Wende were blessed with their youngest child when he was eighty.
On Wednesday 7/20 Doohan died at his home in Redmond, Wash., with his wife of 31 years, Wende, at his side. He had retired from public events last year, not long after announcing he had Alzheimer's disease.
Houston-based Space Services Inc., which specializes in space memorials, plans to send a few grams of Doohan's ashes aboard a rocket later this year. The remains, which will be sealed in an aluminum capsule, will eventually burn up when they re-enter Earth's atmosphere.
Houston-based Space Services Inc., which specializes in space memorials, plans to send a few grams of Doohan's ashes aboard a rocket later this year. The remains, which will be sealed in an aluminum capsule, will eventually burn up when they re-enter Earth's atmosphere.
Wednesday, July 20, 2005
More Flash Demos of Hacks from WHAX
http://eks0.free.fr/whax-demos/
Also, here are some other demos incuding one using Whoppix/WHAX on WEP.
Also, here are some other demos incuding one using Whoppix/WHAX on WEP.
Tuesday, July 19, 2005
Event Log Explorer 1.2
Event Log Explorer allows administrators to view, monitor and analyze events recorded in the Security, System, Application and other logs. The program extends the features of the standard event log viewer by offering detailed filtering capabilities, that allow you to view events by category, event ID, event type, user, as well as by date or keyword match. Event Log Explorer can also export your evnts as HTML or printable text report.
And it is freeware...
Causes of Suicide Terrorism
Here's a very fascinating interview with Robert Pape, a University of Chicago professor who has studied every suicide terrorist attack since 1980.
Monday, July 18, 2005
Financial Security or Things Obaid Hasn't Told You
Deficit Falls
The projected federal budget deficit has decreased by nearly $100 billion thanks to unexpected increases in tax payments. Rising corporate profits, up 40 percent over 2004, provided most of the extra money.
Gas
Does the average price of a gallon of gas at $2.328 got you in the dumps? You should know this - We are still better off than we were in March 1981 when the real cost of fuel hit its all time high. Back them a gallon cost $1.417 the equivalent of $3.107 a gallon today in inflation adjusted dollars!
SUVs rock!
Unemployment Hits Four-Year Low
Unemployment in June fell to 5%, the lowest level in nearly four years. The drop of 224,000, was the greatest monthly decline in more than a decade.
The projected federal budget deficit has decreased by nearly $100 billion thanks to unexpected increases in tax payments. Rising corporate profits, up 40 percent over 2004, provided most of the extra money.
Gas
Does the average price of a gallon of gas at $2.328 got you in the dumps? You should know this - We are still better off than we were in March 1981 when the real cost of fuel hit its all time high. Back them a gallon cost $1.417 the equivalent of $3.107 a gallon today in inflation adjusted dollars!
SUVs rock!
Unemployment Hits Four-Year Low
Unemployment in June fell to 5%, the lowest level in nearly four years. The drop of 224,000, was the greatest monthly decline in more than a decade.
Saturday, July 16, 2005
Finger Scanning At Disney Parks Causes Concern
The addition of finger scanning technology at the entrances of Walt Disney World theme parks for all visitors has caused concern among privacy advocates.
"Disney World is now requiring all visitors to have their index and middle fingers scanned to gain entrance to the park. This started for season pass holders, but is now required for everyone." From the article: "'I think it's a step in the wrong direction,' Civil Liberties Union spokesman George Crossley said. 'I think it is a step toward collection of personal information on people regardless of what Disney says.'"
Disney always gave me the willies... This just adds to it. GP, just think of the germs!
Friday, July 15, 2005
The System Administrator Song
System administrators the world over, rejoice! A song has been sung in your honor. Wes from Three Dead Trolls is at it again with The System Administrator Song. Are you a sysadmin yourself,and/or do you annoy one on a regular basis?
Note: Just because you might have an Administrator account on your system does not necessarily make you a system administrator...
Note: Just because you might have an Administrator account on your system does not necessarily make you a system administrator...
There's a guy who works in another room, or on another floor; He's the one you call, when your document ain't there no more; he's probably a boy, but he might be a girl, or something in between; he's the only one in the office who knows what 'PC Load Letter' means. He's your system administrator; he's probably into comic books; and you tremble in fear when you have to hear one of his 'what a dummy' looks.
Don't forget upcoming System Administrator Appreciation Day!
Fridays are for Fun - DIY Home Projector
Have $200-800 sitting around and some time for tinkering? InventGeek has a project suitable for the novice user. Now you can build your very own LCD projector...
Thursday, July 14, 2005
Domain Name HIJacking: Incidents, Threats, Risks, and Remedial Actions
In a 48 page report the ICANN's Security and Stability Advisory Committee has outlined several famous and recent thefts of websites, including Panix.com, Hushmail.com and HZ.com, and listed where the system went wrong and what can be done to correct the flaws. It has made 10 findings and, in response, 10 recommendations for how the internet industry and consumers themselves can make sure that people don't steal their online property.
Most of the bad guys still aren't that smart (that's the good news)
Taiwan snares "evil dragon" criminal via online game
Illinois Police Arrest Man Who Said He Was Driving To D.C. With Explosives
Taiwan police captured a heavily armed fugitive whom they had been tracking for more than a year on Wednesday after he exposed his whereabouts by playing online computer games. Taiwan evening newspapers said Chang Hsi-ming, wanted for murder, illegal possession of weapons and multiple kidnappings, was found via his Internet protocol address after police found out he often played games online. The head of Taiwan's Criminal Investigation Bureau personally led the siege against Chang's hideout in central Taiwan, with more than 130 police and two armoured vehicles as he was known to be armed with assault rifles and hand grenades.
Illinois Police Arrest Man Who Said He Was Driving To D.C. With Explosives
Terry Daniel, 44, of Cedar Rapids, Iowa, used the words ''bomb,'' ''explosive,'' ''Washington, D.C.'' and ''president,'' over a CB radio around 3 a.m. Wednesday 7/13 while driving eastbound on Interstate 80, Princeton police chief Tom Root told the (LaSalle) NewsTribune.
After hearing his comments, truck drivers alerted the authorities.
Police took the man into custody at a service station off I-80 in this central Illinois town, about 100 miles southwest of Chicago, when Daniel apparently stopped for gas. A search of the van turned up containers and other materials that lent credence to his threat, Root said.
''There were some maps, documents and other things that lead us to believe that he was headed in that direction and that location,'' he said.
After hearing his comments, truck drivers alerted the authorities.
Police took the man into custody at a service station off I-80 in this central Illinois town, about 100 miles southwest of Chicago, when Daniel apparently stopped for gas. A search of the van turned up containers and other materials that lent credence to his threat, Root said.
''There were some maps, documents and other things that lead us to believe that he was headed in that direction and that location,'' he said.
Wednesday, July 13, 2005
KCPenTrix ver 1.0 released today
Lots of SLAX activity in the last few days...
KCPentrix is a new liveCD designed to be a standalone Penetration testing toolkit for pentesters and security analysts. KCPenTrix is based on SLAX, a Slackware live CD and gentoo,auditor and whoppix.
KCPentrix is a new liveCD designed to be a standalone Penetration testing toolkit for pentesters and security analysts. KCPenTrix is based on SLAX, a Slackware live CD and gentoo,auditor and whoppix.
Tuesday, July 12, 2005
Whoppix is DEAD - Long live WHAX!
WHAX is the natural evolution of WHoppix - a live cd, standalone penetration testing toolkit. There are some major new features in WHAX which add huge functionality compared Whoppix, and may change the way we use live distributions.
The big change is that WHAX is so longer based on Knoppix, but on SLAX, a Slackware live cd. One of the main reasons for this change is the wonderful world of modularity which SLAX uses.
This modularity means that versions of WHAX can be easily customize to include whichever modules we like. All the tools have been compiled to "WHAX Modules" which can be easily added or removed, depending on your needs.
The big change is that WHAX is so longer based on Knoppix, but on SLAX, a Slackware live cd. One of the main reasons for this change is the wonderful world of modularity which SLAX uses.
This modularity means that versions of WHAX can be easily customize to include whichever modules we like. All the tools have been compiled to "WHAX Modules" which can be easily added or removed, depending on your needs.
hackergames.net!
Someplace for George to play when he is done at my house. Within you'll find a comprehensive list of hacking and security related challenges, hackits, wargames, tools, and tutorials, along with user reviews.
Monday, July 11, 2005
Phrack Magazine says Goodbye (for now)
Phrack is an online news service for hackers that has been in business for over 20 years starting initially as a dial-up bulletin board before moving to the web.
The magazine offered insight into all types of hacking, including hijacking wireless base stations in later editions.
The website does note: "We are preparing for a hardcover and ezine release at a major hacker convention near you!". So maybe we have not heard the last from Phrack.
The magazine offered insight into all types of hacking, including hijacking wireless base stations in later editions.
The website does note: "We are preparing for a hardcover and ezine release at a major hacker convention near you!". So maybe we have not heard the last from Phrack.
Saturday, July 09, 2005
Internet chatroom helps keep City of London open
Does your business resumption plan have any out-of-band mechanisms in case some of your major systems fail? Even something simple as a published e-mail address not hosted on your own systems may be useful. Perhaps a Jabber server, or an IRC chat room somewhere?
A secret Internet chatroom run by Britain's financial regulators helped keep London's financial markets open after Thursday's bomb blasts, while financial firms activated security measures in case of further attacks.
A Bank of England spokeswoman said this was the first time the secure site had been used in an actual crisis situation since its creation in the wake of the Sept. 11, 2001 attacks on the World Trade Center in New York.
A secret Internet chatroom run by Britain's financial regulators helped keep London's financial markets open after Thursday's bomb blasts, while financial firms activated security measures in case of further attacks.
A Bank of England spokeswoman said this was the first time the secure site had been used in an actual crisis situation since its creation in the wake of the Sept. 11, 2001 attacks on the World Trade Center in New York.
Friday, July 08, 2005
Fridays are so so special!
This weekend - spend some quality time searching for old pals, watch a little TV, make sure you are update-to-date with all your Microsoft patches via Firefox (yes it can be done), and for when you are all done, here's a bar of vibrating soap.
Thursday, July 07, 2005
London Rocked by Four Blasts
An organized Flickr photo collection of London's terrorist attack on July 7, 2005.
Take a moment and send them some goodwill in whatever fashion you see fit... even if you're not one of the persons wondering if friends, coworkers or family are among lost or injured.
My Mom would probably suggest prayers...
Turn Yourself into a Walking Hotspot
How to article on turning yourself into a walking hotspot by using a mobile power source and a cellular-to-Wi-Fi gateway.The Voltaic Systems backpack makes a great platform to build from due to all of the internal wiring and myriad power adapters included in the kit. The Junxion Box is a simple, clean appliance to handle the Wi-Fi to Cellular interface.
The Junxion Box requires a 12 volt power source. So, natch, a lead-acid battery would feed it the juice it needs. Starting with a 1.2 Amp-hour battery will let the whole kit run a few hours. (The Box draws between 200 mA and 500 mA of current while active.) Adding a bigger battery will lengthen your run time. Solar adds a bit of extra runtime and will keep your battery topped off when the system isn't running.
The full article gives step-by-step and a parts list for you to make your own.
Wednesday, July 06, 2005
Browser Identification For Web Applications
Browser Identification is not a new concept. With the focus having shifted to desktops from networks and servers, a topic such as remote browser identification needs to be revisited.
Browsers identify themselves to web servers in the USER_AGENT header field that is contained in requests sent to the server. Almost every release of browsers contains sloppy code that allows malicious servers or attackers to compromise user privacy and security.
This paper outlines techniques that allow users to determine client browser types remotely.
Download the paper in PDF format here.
Browsers identify themselves to web servers in the USER_AGENT header field that is contained in requests sent to the server. Almost every release of browsers contains sloppy code that allows malicious servers or attackers to compromise user privacy and security.
This paper outlines techniques that allow users to determine client browser types remotely.
Download the paper in PDF format here.
Tuesday, July 05, 2005
In the stolen-data trade, Moscow is the Wild East
The most expensive wares in Moscow's software markets, the items that some Russians are calling a threat to their personal safety, aren't on public display.
It takes less than 15 minutes to find them, however, at the teeming Gorbushka market, a jumble of kiosks selling DVDs, CD-ROMs and an array of gadgetry in an old factory west of downtown.
One question -- Where can we buy databases of private information? -- and the young man selling rip-off copies of Hollywood movies leaps to his feet. He leads the customers to another vendor, who wears a bull's head on his belt buckle. This second man listens to the request, opens his cellphone, and punches a speed-dial number.
Moments later, a third vendor appears. He is jovial and blunt about his trade.
"What do you need?" he says. "We have everything."
It takes less than 15 minutes to find them, however, at the teeming Gorbushka market, a jumble of kiosks selling DVDs, CD-ROMs and an array of gadgetry in an old factory west of downtown.
One question -- Where can we buy databases of private information? -- and the young man selling rip-off copies of Hollywood movies leaps to his feet. He leads the customers to another vendor, who wears a bull's head on his belt buckle. This second man listens to the request, opens his cellphone, and punches a speed-dial number.
Moments later, a third vendor appears. He is jovial and blunt about his trade.
"What do you need?" he says. "We have everything."
Monday, July 04, 2005
Pop-up Smut Tops Spyware Chart
A strain of spyware that displays pornographic pop-ups has retained its place as the top spyware nuisance on the net last month. ISTbar was responsible for 3.5 per cent of infections detected by Panda Software's free online malware scanner, more than any other spyware or adware application.
ISTbar, which poses as an ActiveX control, acts as an entry-point for other malware, adware and dialers. It also displays pornographic pop-ups, installs a toolbar and changes the home page of browsers on infested PCs.
Cydoor, an adware program that downloads advertisements from a server and displays them on PCs, made runner-up spot on Panda's June list of spyware nasties as nabbed by Panda's ActiveScan service, which was recently upgraded to add spyware detection alongside its existing virus busting features. Panda's June spyware chart features only one new entry, an adware package called MarketScore.
Spyware refers to a class of invasive program that generates pop-ups, hijacks user home pages or redirects searches in an attempt to either monitor user activity or bombard surfers with unwanted messages. It's a fast growing category that is beginning to eclipse more clear-cut malware - such as computer viruses - in economic impact if not in prevalence.
Top spyware threats, as compiled by Panda Software
1. ISTbar
2. Cydoor
3. New.net
4. XXXToolbar
5. Dyfuca
6. BetterInet
7. Petro-Line
8. Altnet
9. BargainBuddy
10. MarketScore
ISTbar, which poses as an ActiveX control, acts as an entry-point for other malware, adware and dialers. It also displays pornographic pop-ups, installs a toolbar and changes the home page of browsers on infested PCs.
Cydoor, an adware program that downloads advertisements from a server and displays them on PCs, made runner-up spot on Panda's June list of spyware nasties as nabbed by Panda's ActiveScan service, which was recently upgraded to add spyware detection alongside its existing virus busting features. Panda's June spyware chart features only one new entry, an adware package called MarketScore.
Spyware refers to a class of invasive program that generates pop-ups, hijacks user home pages or redirects searches in an attempt to either monitor user activity or bombard surfers with unwanted messages. It's a fast growing category that is beginning to eclipse more clear-cut malware - such as computer viruses - in economic impact if not in prevalence.
Top spyware threats, as compiled by Panda Software
1. ISTbar
2. Cydoor
3. New.net
4. XXXToolbar
5. Dyfuca
6. BetterInet
7. Petro-Line
8. Altnet
9. BargainBuddy
10. MarketScore
Sunday, July 03, 2005
Critical Information for the Traveling Public
Taking a trip this summer? Before you hop on that plane, you might want to check the latest info at AirSafe.com.
Real Homeland Security
Headed to that neighborhood BBQ or fireworks for the 4th... Check to see who might be back at your house going through your underwear drawer.
Friday, July 01, 2005
Security Skins - Better than Passmark?
Much has been written about the insecurity of passwords. Aside from being guessable, people are regularly tricked into providing their passwords to rogue servers because they can't distinguish spoofed windows and webpages from legitimate ones.
Here's a clever scheme by Rachna Dhamija and Doug Tygar at the University of California Berkeley that tries to deal with the problem. It's called "Dynamic Security Skins," and it's a pair of protocols that augment passwords.
First, the authors propose creating a trusted window in the browser dedicated to username and password entry. The user chooses a photographic image (or is assigned a random image), which is overlaid across the window and text entry boxes. If the window displays the user's personal image, it is safe for the user to enter his password.
Second, to prove its identity, the server generates a unique abstract image for each user and each transaction. This image is used to create a "skin" that automatically customizes the browser window or the user interface elements in the content of a webpage. The user's browser can independently reach the same image that it expects to receive from the server. To verify the server, the user only has to visually verify that the images match.
LucidLink Releases Demo Chronicling Wi-Fi Hacker Attack
To truly understand a criminal, you have to get inside his mind and think as he does. Follow his steps. See what he sees. LucidLink Wireless Security has done just that, creating a Flash demonstration that chronicles the steps hackers follow while tapping into wireless networks to gain access to confidential information. In an attempt to raise awareness about the security implications of unsecured wireless networking, LucidLink has recently added the demonstration to its website.
The demonstration takes viewers through a step-by-step explanation of a hacker's activities, explaining how war drivers find wireless networks, gather information about them, and eventually infiltrate them in order to gain access to personal identity and company confidential information. The demonstration uses screen shots captured from freely available hacker programs so that viewers can see what hackers see as they click their way closer to breaking into even secured wireless networks.
The demonstration takes viewers through a step-by-step explanation of a hacker's activities, explaining how war drivers find wireless networks, gather information about them, and eventually infiltrate them in order to gain access to personal identity and company confidential information. The demonstration uses screen shots captured from freely available hacker programs so that viewers can see what hackers see as they click their way closer to breaking into even secured wireless networks.
