The Silver Bullet Security Podcast #11

On the 11th episode of The Silver Bullet Security Podcast, Gary talks with Dorothy Denning, a professor in the Department of Defense Analysis at the Naval Portgraduate School. Previously, Dorothy was a distinguished professor at Georgetown University and a professor at Purdue University. Gary and Dorothy discuss Dorothy’s involvement in the Clipper Chip controversy (which earned Dorothy the moniker “clipper chick”), the concept of geo-encryption, and a famous 1990 paper she wrote describing a series of interviews with malicious hackers.

Get it here.

Product Spotlight - USB Keylogger

Got a spare $80.00 bucks in your pocket?

2 Megabytes (16 Mbit) over 2,000,000 keystrokes
(around 1 years worth of intensive typing)

This keystroke recorder has up to 8 Megabytes memory capacity, organized into an advanced flash file system. Super fast data retrieve is achieved by switching into Flash Drive mode for download. Completely transparent for computer operation, no software or drivers required. Supports national keyboard layouts.

Buy it here.

Missing FBI Laptops Still a Problem

Nice example for the rest of us...

Three or four FBI laptop computers are lost or stolen each month and the agency is unable to say in many instances whether information on the machines is sensitive or classified, the Justice Department's inspector general said Monday.

Of the 160 laptops lost or stolen over a 44-month period, 10 contained sensitive or classified information. The bureau did not have records on whether 51 others contained such data.

In a report five years ago, the inspector general said 354 weapons and 317 laptop computers were lost or stolen during a 28-month review.

Full Story form the AP here.

Home Security - Apperanntly TV can Kill You!

Mummified body found in Hampton Bays home

Southampton police responding to burst water pipes in a Hampton Bays home found the mummified body of the owner -- dead for more than a year -- sitting in a chair in front of a television, officials said Friday.

The television was still on.

Vincenzo Ricardo, 70, appeared to have died of natural causes in his home on Wakeman Road, said Dr. Stuart Dawson, Suffolk deputy chief medical examiner.

The medical examiner's office considered his body mummified because the lack of humidity in his home preserved his features, morgue assistant Jeff Bacchus said.

Full Story.

Judge Limits New York Police Taping

Could this set a precedent for other cities?

In a rebuke of a surveillance practice greatly expanded by the New York Police Department after the Sept. 11 attacks, a federal judge ruled yesterday that the police must stop the routine videotaping of people at public gatherings unless there is an indication that unlawful activity may occur.

Four years ago, at the request of the city, the same judge, Charles S. Haight Jr., gave the police greater authority to investigate political, social and religious groups.

In yesterday’s ruling, Judge Haight, of United States District Court in Manhattan, found that by videotaping people who were exercising their right to free speech and breaking no laws, the Police Department had ignored the milder limits he had imposed on it in 2003.

NY Times story here.

Friday Fun - Batman Sighting Puts Schools on Lockdown

SCOTTSDALE, Ariz. (AP) -- To an Arizona middle school, Batman! Three schools in the north Phoenix suburb of Cave Creek were on lockdown for about 45 minutes Wednesday morning after a student at Desert Arroyo Middle School reported seeing a person dressed as Batman run across campus, jump a fence and disappear into the desert, Scottsdale police Sgt. Mark Clark said.

More here.

Wow, lockdown.... Holy panic Batman!

Fine for Stolen Laptop

The Nationwide Building Society has been fined £980,000 by the City watchdog over security breaches.

The fine follows the theft of a laptop from a Nationwide employee's home which contained confidential customer data.

The Financial Services Authority (FSA) found security was not up to scratch after the man had put details of nearly 11 million customers on his computer.

The FSA also found that the Nationwide did not start an investigation until three weeks after the theft occurred.

Full story here.

Do you think fines on this side of the pond would help?

Substitute Teacher Faces Jail Time Over Spyware

More on this previously posted story -

A 40-year-old former substitute teacher from Connecticut is facing prison time following her conviction for endangering students by exposing them to pornographic material displayed on a classroom computer.

Brian Krebs from the Washington Post, has an update on the case here.

Hiatus is over, posting returns....

This makes me smile...

TRENTON, Ohio -- Two Edgewood High School students were arrested Thursday and accused of hacking into the school district’s Web site to schedule an unplanned – and unauthorized – snow day.

School officials had originally planned a one-hour delay for Monday morning, following an established procedure, so they were surprised to see an announcement Sunday night that classes were canceled.

Full story here.

"I asked for a car, I got a computer. How's that for being born under a
bad sign?" - Ferris Bueller

Hack5 Episode 2×07 LIVE February 3rd

The folks from hak5 will be broadcasting live today...

We’re excited to be announcing that episode 2×07 will be broadcasted LIVE over the Internets this February 3rd at 3:00 PM EST (-5 GMT). This schedule should work better for our European viewers.

We welcome you to sign up at hak5.org/live if you have a question for the cast and would like to be a guest on the show. There you can also find information on the stream and connecting.

Friday Fun - Humvee driving in Iraq

On the one hand, the story with this video says that American soldiers have to drive like this to limit the risk of attack. Some in the comments say its arrogant, and it’s no wonder Iraqis hate Americans. Others says if the driver slows down, gunfire would start, and thats not safe for anyone. What do you think?

ShmooCon - Reminder!

The next (and last) round of tickets will go on sale today - Feb. 1st at noon EST.

Get yours here.

Airport Security Game

See if you can keep up with the ever-changing airport security rules.

Play here.

Securing a 'Buzz' - Just what the Doctor Ordered...

'Buzz Donut' offers sweet caffeine fix

Dr. Robert Bohannon wants you in his world. It's fast, upbeat, jovial and driven by caffeine -- lots of it.

But four to six cups of coffee a day aren't enough for Bohannon. And he believes others share his need for more options when it comes time to pursue that caffeine buzz.

So the molecular scientist who moonlights as a café owner developed a way to add caffeine to baked goods, one that eliminates the natural, bitter taste of caffeine.

"This gives people the opportunity if they want to have a glass of milk and want to have caffeine. It will get them going," Bohannon said.

The amount of caffeine in his creations can vary, but Bohannon can easily put 100 milligrams of caffeine -- the equivalent of a 5-ounce cup of drip-brewed coffee -- into the treats he plans to market under the "Buzz Donuts" and "Buzzed Bagels" names.

Full story here.

X-ray cameras 'see through clothes'

From across the pond...

The Government is considering installing X-ray cameras on lampposts to spot armed terrorists and other criminals.

According to a leaked memo seen by The Sun, "detection of weapons and explosives will become easier" if the scheme drawn up by Home Office officials is adopted.

However, officials acknowledged that it would be highly controversial as the cameras can "see" through clothing.

"The social acceptability of routine intrusive detection measures and the operational response required in the event of an alarm are likely to be limiting factors," the memo warned.

"Privacy is an issue because the machines see through clothing."

Full story here.

Kaspersky Lab releases an article about Vista and security

The Kaspersky Lab folks have released a new article entitled Vista vs. Viruses, in which Alisa Shevchenko, a Kaspersky Lab antivirus expert, analyzes various aspects of IT security with specific reference to Windows Vista.

You can read the full version of the article, Vista vs. Viruses, on Viruslist.com.

Vista Version - What would you pick?

National Security

What do you think... good thing or bad thing?

While you were sleeping (Bush took over the Government)

United States President stealthily took over the Federal Government last week through a new executive order last week that takes away all autonomy from Agencies, according to public interest organizations.

The order amends a series of previous executive orders that culminated in Executive Order No. 12,866, which the White House has used to give itself the power to review regulations before they can be officially published in the Federal Register.

Full story here:

Some "Brief" Friday Fun

From the website:

The "Brief Safe" is an innovative diversion safe that can secure your cash, documents, and other small valuables from inquisitive eyes and thieving hands, both at home and when you're traveling. Items can be hidden right under their noses with these specially-designed briefs which contain a fly-accessed 4" x 10" secret compartment with Velcro closure and "special markings" on the lower rear portion. Leave the "Brief Safe" in plain view in your laundry basket or washing machine at home, or in your suitcase in a hotel room - even the most hardened burgler or most curious snoop will "skid" to a screeching halt as soon as they see them. (Wouldn't you?) Made in USA. One size. Color: white (and brown).

To add realistic smell, check out "Doo Drops".

One Hacker Kit Accounts For 71% Of Dec Attacks

Tagged with the moniker "Q406 Roll-up," the attack kit was behind 70.9% of last month's attacks, reported Atlanta, Ga.-based Exploit Prevention Labs. Up to a dozen different exploits make up the kit, which includes several exploits derived from the proof-of-concept code that researcher HD Moore published in July 2006 during his "Month of Browser Bugs" project.

Exploit Prevention Labs launched a line of exploit detection tools -- LinkScanner Lite and LinkScanner Pro -- in November. The former is free, while the latter is priced at $19.99 for a one-year subscription.

More info here:

Low Tech Fix for High Tech Problem

Handheld Paper Shredder The Shredder Hand is the most convenient and compact way to get rid of those expired coupons, unwanted papers and old, confidential paper documents. At first glance it's just a pair of scissors, but with further exploration you will see that you can shred documents, or just parts of documents, without any electric or battery-operated power. Being the cheapest shredding option around it is amazing to think that it also has a long life and is small enough to be transported easily from the home to the office or classroom.

The Silver Bullet Security Podcast

The tenth episode of The Silver Bullet Security Podcast features a panel discussion with the Fortify Software Technical Advisory Board, several of whom have been featured on previous episodes. The group discusses what commercial software tools can learn from academic research, the state of software security in China, real world lessons learned while using static analysis tools, and software security pedagogy.

Aircrack-ng 0.7 is Released

aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, thus making the attack much faster compared to other WEP cracking tools. In fact aircrack is a set of tools for auditing wireless networks.

Aircrack-ng is the next generation of aircrack with lots of new features (planned and wanted).

Risky Business - Greynets

We know very well that many security breaches occur due to simple human error. While most people know by now, not to write down passwords and/or leave their laptops unprotected, they may not know about a relatively new threat: greynets.

A new FaceTime study reports -

2007's Biggest Risk: Employees Undermining Corporate Security

The danger of this new breed of malware is compounded by the increasingly risky behavior of today's employees, who frequently introduce consumer greynet applications onto the corporate network– most often without the sanction of their IT department. The user is squarely at the cornerstone of enterprise security concerns, according to FaceTime's Second Annual Greynets Survey (October, 2006). The survey revealed that:

• Four in ten end users (39%) believe they should be allowed to "install the applications they need on their work computers," independent of IT oversight or policy.
• Fifty-three percent of end users report they "tend to disregard" company policies that govern greynet usage, specifically IM and peer-to-peer file sharing.
• Eight in ten IT managers are at locations that have experienced greynet-related attacks within the last six months
• The number of greynet applications installed on a typical enterprise network have increased dramatically; work locations where eight or more greynet applications are in use have doubled, growing from 20 percent of all locations in 2005 to 41 percent in 2006.
• Sixty percent of managers report that within the past six months, security attacks have been more likely to have invisible effects (like keyloggers) rather than outcomes apparent to the end user, such as a hijacked browser, making compromised PCs more difficult to detect.

Swedish bank hit by 'biggest ever' online heist

Two take-aways from this story...

One - this wasn't an online bank heist, this was just a plain old dumb user heist.

Nordea spokesman for Sweden, Boo Ehlin, said that most of the home users affected had not been running antivirus applications on their computers.

Ehlin blamed successful social engineering for the heist, rather than any deficiencies in Nordea's security procedures.

"It is more of an information, rather than a security problem," said Ehlin. "Codes are a very important thing. Our customers have been cheated into giving out the keys to our security, which they gave in good faith."

Two - why should the bank be responsible for this? If I break into your house and steal your checkbook and/or a credit card, is the bank responsible? How is this different?

The bank has borne the brunt of the attacks and has refunded all the affected customers.

RF Jammer

Ninja Strike Force member Lady Ada has posted a design for a self-tuning, microprocessor controlled, wide band RF jammer.

This website details the design and construction Wave Bubble: a self-tuning, wide-bandwidth portable RF jammer. The device is lightweight and small for easy camoflauging: it is the size of a pack of cigarettes.

Lost HOPE?

2600 Magazine's hacker conference Hackers On Planet Earth (HOPE) has been held at the Hotel Pennsylvania since 1994...

HOTEL PENN THREATENED WITH DEMOLITION - HOPE CONFERENCES IN JEOPARDY

We received this disturbing news earlier in the month. Apparently the realty company that owns the Hotel Pennsylvania, site of our HOPE conferences, wants to tear down the historic hotel and replace it with a huge financial tower. Such a move could spell the end of HOPE.

The Hotel Pennsylvania was built in 1919 and has a very rich history. It has been home to many a "big band" concert in its early years and was the inspiration for the famous Glenn Miller song "PEnnsylvania 6-5000," a phone number that still rings at the Hotel Pennsylvania switchboard. The building itself, as any HOPE attendee knows, is filled with hidden corridors, rooms, and even floors. Being right across the street from Penn Station (New York's main train station), it's extremely easy to get to for those coming to New York for the first time. And because it's not an overly expensive place to stay, it's proven very popular for travelers from all over the world.

We've hosted five HOPE conferences at the Hotel Pennsylvania since 1994 and the next one is set for 2008. In preparation for this, and to discuss the fate of the hotel among other things, we are today launching a web-based forum for all things HOPE-related. You can reach this brand new forum at talk.hope.net.

Secure Relationship?

1 in 8 men would dump their girlfrend for an iPod

Yes, this is a fairly silly survey conducted on behalf of a company that wants you to use it to buy more gadgets. But still, the fact that one in eight men would apparently consider swapping their partner for the latest iPod, widescreen TV, home cinema system or fridge freezer is pretty shocking.

Full story here.

Verisign's ongoing Quarterly Vulnerability Challenge

Computer security firm Verisign (iDefense) is offering some hefty bounties on vulnerabilities reported in Microsoft's Windows Vista operating system and IE7 web browser. It's a part of Verisign's ongoing Quarterly Vulnerability Challenge, where hackers of the world are invited to exploit various categories of software for fun and profit...

Vulnerability Challenge Ground Rules:

• The vulnerability must be remotely exploitable and must allow arbitrary code execution in a default installation of one of the technologies listed above
• The vulnerability must exist in the latest version of the affected technology with all available patches/upgrades applied
• 'RC' (Release candidate), 'Beta', 'Technology Preview' and similar versions of the listed technologies are not included in this challenge
• The vulnerability must be original and not previously disclosed either publicly or to the vendor by another party
• The vulnerability cannot be caused by or require any additional third party software installed on the target system
• The vulnerability must not require additional social engineering beyond browsing a malicious site

Security Now 74: Peter Gutmann On Vista Content Protection

Steve Gibson's Security Now podcast just aired a very good interview with Peter Guttman, the security researcher who wrote "A Cost Analysis of Windows Vista Content Protection".

Personal Security - Dirty Hospitals

Two million patients are infected in hospitals each year and 90,000 of those Americans die.

Of every 20 people who go into a U.S. hospital, one of them picks up something extra: an infection. It's a lousy card to draw. Infection stalls recovery, sometimes requiring weeks of intravenous antibiotics or a grueling round of surgeries to remove infected tissue. And for 90,000 Americans a year, the infections are a death sentence.

Full story here.

WTF or TGIF... It's Friday - Teacher found guilty of exposing kids to smut

State Prosecutor David Smith said he wondered why Julie Amero didn't just pull the plug on her classroom computer.

The six-person jury Friday may have been wondering the same thing when they convicted Amero, 40, of Windham of four counts of risk of injury to a minor, or impairing the morals of a child. It took them less than two hours to decide the verdict. She faces a sentence of up to 40 years in prison.

Full story here.

Those poor kids! I imagine they will be scared for life and their morals impaired forever...

Secure World? Not

George W. Bush told Americans he would send over 20,000 more U.S. troops to halt Iraq's collapse into civil war.

The surge in troops will do nothing to change the underlying dynamics that continue to drive the violence in Iraq: deep-seated religious, ethnic, and tribal divisions and hatreds; and a high and rising level of antipathy among Iraqis across the sectarian divide towards the continuing occupation of their country by Western armies...

Bedtime reading...

http://www.metaeye.org/

Metaeye defines itself as metamorphic security that relates to definite change in the structural components of computer security with the passage of time and to incarnate itself by providing protective and innovative solutions.The Metaeye generically sets an element of metamorphism to this present security world.

Did the NSA Fix Vista?

Things that make you go hmmm... Wonder what else they have stuck in there?

When Microsoft introduces its long-awaited Windows Vista operating system this month, it will have an unlikely partner to thank for making its flagship product safe and secure for millions of computer users across the world: the National Security Agency.

For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft's new operating system -- the brains of a computer -- to protect it from worms, Trojan horses and other insidious computer attackers.

Full story here.

That's Nice... Do Something That Looks Illegal, But Isn’t, Then Sue

Woman settles case over flour-filled condoms

A U.S. college student imprisoned for three weeks for trying to take flour-filled condoms onto an airplane has settled her lawsuit against Philadelphia for $180,000, a city spokesman said on Friday.

Janet Lee, 21, a student at Bryn Mawr College in Pennsylvania, was arrested at Philadelphia International Airport in 2003 after police and security officials thought the flour was an illegal drug.

She was held in Philadelphia on drug-trafficking charges and released only when tests proved the substance in the three condoms was flour.

The condoms, which are sometimes used to smuggle drugs, were a joke among the students, and Lee was taking them home to Los Angeles.

Her civil rights case against Philadelphia, which had been set to go to trial on Thursday, was settled for $180,000, said Ted Qualli, spokesman for Philadelphia Mayor John Street.

System/Software Inspection Tool

Secunia Software Inspector is a handy new online tool. Do you think this is a good thing? Or a great way to collect data?

Feature Overview - The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.

ShadowServer

The Shadowserver Foundation is an all volunteer watchdog group of security professionals that gather, track, and report on malware, botnet activity, and electronic fraud.

Their recent Bot numbers here.

Early Warning Bark Worse Than Bite

An Israeli firm has designed a security system to ensure jailbreakers or intruders find a guard dog's bark can indeed be worse than its bite.

Harnessing technology that interprets barking -- to see if an animal is responding to a threat instead of just routinely woofing -- the company aims to replace or supplement expensive electronic surveillance systems.

"There is currently very little utilisation of the watchdog's early warning capabilities," says privately owned manufacturer Bio-Sense Technologies, based in the Israeli town of Petah Tikva,on its Web site.

Full story here.

Life and Death? Medical Identity Theft

Business Week has an article about the risk of “medical identity theft”.

When Lind Weaver opened her mailbox one day in early 2004, she was surprised to find a bill from a local hospital for the amputation of her right foot. Surprised because the 57-year-old owner of a horse farm in Palm Coast, Fla., had never had worse than an ingrown toenail.

WikiLeaks

WikiLeaks good or bad thing?

WikiLeaks is developing an uncensorable version of WikiPedia for untraceable mass document leaking and analysis. Our primary targets are highly oppressive regimes in China, Russia, central eurasia, the middle east and sub-saharan Africa, but we also expect to be of assistance to those in the west who wish to reveal unethical behavior in their own governments and corporations.

More Friday Fun with Tasers!

Nothing better than watching "B" celebrities get tasered!

Friday Fun - Police hold camel over murdering a buffalo!

The camel got it in the end anyway... Full story here.

Abdul Waris Ali Shah, a resident of the area, had tied up his camel he had bought for Rs 38,000 for sacrifice. Sometime later, another resident of the same area Gulfam tied his sacrificial buffalo near the camel.

In the night, the camel fell upon the buffalo, bit the latter in the chest and gave it numerous blows with its front legs and killed it.

The other day when Gulfam, reached the spot to pick up his buffalo, he found it dead and rushed to the nearby police station to lodge an FIR against Abdul Waris.

And, interestingly, the police took the camel into custody, apparently for murdering the fellow mammal!!

Domaintools.com

Like other sites like DNSstuff.com, etc. Domaintools.com offers some handy online tools - many are for free. One of the things I like about Domaintools is that you can subscribe to an alert service that will let you know when a new domain with certain keywords has been registered. This can be a helpful tool for identifying Phishing sites before the emails start to fly...

Check them out here.

Computer Hacker Steals $150,000 from Portage County Clerk of Courts Office

Read between the lines and I don't think this was a "hack" at all but just an old fashion case of fraud. This whole story seems a tad ignorant...

"With computers today you don't have to be anywhere close to the scene to commit some serious thefts..The ability to bank electronically is a major convenience to us but a huge security risk," said Stevens Point Police Chief Jeff Morris.

Chief advises that if you have an on line bank account check it daily. Also beware of people asking for your PIN, Social Security number or other information over the Internet.

Detecting temperature through clock skew

Steven Murdoch's presentation about how people can unmask an anonymous online publisher by remotely monitoring his computer's temperature.

Even if that computer moves location and changes ISP, it can be later identified through this clock skew. In addition to varying between computers, clock skew also changes depending on temperature. Thus a remote attacker, monitoring timestamps, can make an estimate of a computers environment, which has wide-scale implications on security and privacy.

Secure Future - Toddler Found Playing Along Busy Highway

Hopefully this scary event is the key to a safe and secure new year for this innocent boy and his sister...

(12-31) 12:22 PST Indianapolis (AP) --

Drivers swerved cars and trucks into other lanes to avoid a 3-year-old boy, wearing only a diaper and T-shirt, who was playing along a busy highway after wandering away from home while his mother slept, police said.

Some motorists stopped along Interstate 465 on the city's west side Saturday to take care of the boy until officers arrived, the Indiana State Police said.

Police said they traced the toddler to an apartment at a nearby complex, where they found his mother, Nancy Dyer asleep in a filthy apartment and his 2-year-old sister eating spaghetti off the floor.

Child Protective Services took the boy and his sister into custody, and investigators said the agency also had been called to the apartment Thursday because the boy was outside unsupervised.

Spy Numbers Stations on Shortwave Radio

Grandma give you a shortwave radio for Christmas? Have some fun with it here.

"59372 98324 19043 78903 95320...". The mechanized female voice drones on and on... What have you stumbled on to? Instructions to spies? Messages exchanged between drug dealers? Deliberate attempts at deception and mis-information?

Chances are, all of the above! What you've tuned in to is called a "Spy Numbers Station". They've been on the air for several decades, and only recently have the mysteries started to unfold. But there's still much we don't know about these mysterious stations. With the information on these pages, you'll discover the little that we do know about these stations, what we're still trying to learn, and how you too can tune in to the spies.

ShmooCon Reminder

January 1, 2006 - second round of ticket sales

Register here.

Let's Hope for a Happy New Year...

In a span of a few hours, 2,973 people were killed in the Sept. 11, 2001, terrorist attacks. In a span of 45 months, the number of American troops killed in Iraq has exceeded that grim toll...

"An eye for an eye makes the whole world blind."

- Mahatma Gandhi

Daddy get you a new car for x-mas? Lockpicking - BMW decoder tool

Here is a video showing the demonstration of a BMW lock decoder tool and software that allows you to open almost any BMW lock.

You are going to put your Call Center where?

Indian banks, government and commercial sites have seen a very large increase in defacements and phishing attacks in 2006 according the the CERT-In.

Analysis of defaced Indian websites year-2006 (till June) (ciwp-2006-02)

CISSP, CISA, and SSCP Open Study GROUP Online Quizzer

An updated version of a handy online quizzer engine for CISSP, CISA, SSCP, HIPAA, and SOX.

More info here.

On the Tuesday before Christmas...

my mom accidentally gave to me - An MP3 player full of pornography.

On Tuesday, Chanell Martin gave her 12-year-old daughter an early Christmas present as a reward for helping out weekends at the family's Lincoln Mall store.

Her daughter, a sixth-grader, was delighted with the black Microsoft Zune media player Martin purchased earlier that day at the Evergreen Park Wal-Mart.

But not for long.

Martin went to her room while her daughter plugged the device, which can play music and video, into the family's computer.

"She said, 'Mom -- what's this?' " Martin said. "When she handed (the player) to me she was looking at a gay orgy."

On the Zune's hard drive, Martin discovered, was about 6-- hours of hardcore gay pornography and a "slideshow" of another 62 pornographic images.

Full story here.

Secure Air Space - Track Santa

For more than 50 years, NORAD and its predecessor, the Continental Air Defense Command (CONAD) have tracked Santa.

NORAD Santa tracker here.

Tis The Season - Christmas.exe

Tis that time of the year when the malware writers out there are going to send their holiday cheer packed in an seasonally named file. This time it's Christmas.exe...

There is a good article about it over on f-secure. Check it out here.

New Year - New Look

Figured it was time for a new look... Let me know what you think...

Happy Holidays!

Friday Fun - Tour XM

Some Washington Post's folks took a tour of DC-based XM Satellite Radio's New York Avenue complex. At blog.washingtonpost.com...

The Silver Bullet Security Podcast

In the ninth episode of The Silver Bullet Podcast, has Gary McGraw interviewing Bruce Schneier. In this episode, they discuss the connection between physical security its technological component, the idea of risk management, the intersection of economics and security, and the ideas of “wholesale surveillance” and “security theater.” They also discuss patch Tuesday, hack Wednesday, and Microsoft’s approach to software security...

XSS Intro/Demo

XSS stands for cross site scripting (CSS) Since CSS is already taken by Cascaded Style Sheets, it is named XSS X standing for a Cross. It is a kind of hacking which allows you to deface websites, loggin as another user etc.

More info here.

WALSTIB or Friday Fun!

Hermaphroditic deer with seven legs ‘tasty’

Hey you smell something?

Chainsaw Wake up

Question of the day

Things that make you go hmmm...

"Wonder if any of the Allbrittons (Joe, Robert, Barbie) will be going to Chile for the funeral of Augusto Pinochet???"

Getting Hacked Results In Armed Police Raid

A Denver woman who didn't have adequate security on her home computer paid the price.Serry Winkler was visited by several officers with a search warrant who demanded that she turn over her computer.They were investigating a case of computer fraud. The woman's computer was apparently infected by a bot or robot.

Watch video.

Full story here.

nmap-4.20 released

Just what I wanted for xmas! Nmap-4.20 has been released.

Get it here.

Guardian comments on ".bank"

The Guardian newspaper has a story about why do museums have a secure, restricted .museum top-level domain but banks don't have .bank?

You would think that banks get phished via fake domains much more than museums do...

"There are no safeguards whatsoever against someone registering a domain name and using it for nefarious purposes," says Richard Martin, a business security consultant at the UK clearing bank group Apacs. Barnaby Davis, director of electronic banking for Barclays, says: "We're well past the tipping point when something needs to be done that makes it harder to register URLs or makes the consequences for misuse harsher."

Full story here.

The Cheapskate’s Infosecurity Toolbox

From CSOonline.com

A list of free-to-download tools for the budget-pinched CISO

BartPE: Preinstalled Environment
Troubled by that incessant spyware or virus that just doesn't seem to go away? Need a way to troubleshoot a system without booting the operating system installed on it? BartPE and the right plug-ins will let you do this. www.nu2.nu/pebuilder

Snort: Open Source Intrusion Detection System
Arguably the world's most used Intrusion Detection System. Both Windows and Linux binaries are available. www.snort.org

VMWare Server: A virtual environment
It finally happened: VMWare is available for free. Patch management, QA, vulnerability remediation testing and other daily activities are now available without a significant capital investment. VMWare also offers images of various environments, configurations and operating systems available for download (they're called "appliances") and ready to use in conjunction with the main product. Just download, point VMWare to the image and test away! www.vmware.com/products/server

DataRescue's IDA Pro Freeware 4.3 disassembler and debugger
Although not posted on the DataRescue site anymore, the free version of their utility will turn up with a quick Google dig. Try www.programmersheaven.com/

OllyDbg disassembler and debugger
Probably the world's most used debugger disassembler. Gives most commercial debuggers a good run for their money. www.ollydbg.de

eEye Digital Security's Binary Diffing Suite
A good, free suite of binary diffing tools you can use to see the effect that a released patch may have on your environment. Read the website, as there are some platform dependencies. research.eeye.com/html/tools/RT20060801-1.html

Cygwin: Linux-like environment for Windows
Need to run some scripts or programs that previously ran only under Linux? Do you miss your Linux command line when running Windows? www.cygwin.com

Nagios: An open-source host, service and network monitoring program
Not for security only, but Nagios can be used to monitor for events that typically have security implications. This is one that you and your CIO will agree upon. www.nagios.org

iptables and Firewall Builder: Firewall and Management Interface
Don't have the deep pockets for a Checkpoint, Cisco or Juniper? Iptables comes with most Linux distributions. Not comfortable using a command line to manage it? Firewall Builder is an intuitive way to install and manage the rule set. Get a couple of credit card CDs, create a bootable distribution, and you've got a firewall in your pocket. www.iptables.org and www.fwbuilder.org

Apache SpamAssassin: Fight Spam at the Gateway
Not really a secret to most people. With the right configuration this is difficult to beat no matter how much you spend on an antispam solution. spamassassin.apache.org/index.html

OpenSSH for Windows: Secure Shell for Windows
Because FTP is so passé (and insecure), use OpenSSH on the server side coupled with "PuTTY" and WinSCP on the client side for a cheap way to secure your file transfers. sshwindows.sourceforge.net, www.chiark.greenend.org.uk/~sgtatham/putty and winscp.net

Cheops-ng: "The Network Swiss Army Knife"
A tool for mapping and monitoring your network. This is an excellent free way to track down most of the systems on your network. cheops-ng.sourceforge.net/download.php

ACID (Analysis Console for Intrusion Databases):
An analysis engine to search and process security events generated by various intrusion detection systems, firewalls and network monitoring tools. acidlab.sourceforge.net

Body of missing CNET editor James Kim has been located

The saddest part of this story is that if Mr. Kim would of stayed with his car and family, he would sill be here. Certainly his heart was in the right place, but almost every survival expert will tell you - to say with your car especially in the winter, cold and snow...

Kim, 35, left his family's stranded car Saturday morning searching for help and never returned. Kim apparently traveled in an 8-mile circle and was found less than a mile, separated by a sheer cliff, from where his family's station wagon got stuck in the snow. Officers said there was no way to determine whether he was trying to return to his starting point or if he became disoriented.

"He was very motivated...he traveled a long way," Josephine County Undersheriff Brian Anderson said.

Related Links:

http://jamesandkati.com

Mom, 2 kids survive

A commercial satellite-imagery company said Tuesday it is rerouting one of its satellites to fly over the Oregon wilderness where rescue crews search for CNET editor James Kim.

How To Survive If Lost In Wilderness - CBS News

Firewall for RFIDs

A Platform for RFID Security and Privacy Administration - This paper is a must-read paper for anyone who cares about electronic privacy and who wants to catch a glimpse of the future...

ShmooCon '07 Tickets On Sale Now!

The Early Bird tickets for December are already sold out! If you want $75 tickets, ck back on Jan 1st.

To register for ShmooCon, click here.

Important Dates and Deadlines:

• December 1, 2006 - first round of ticket sales
• January 1, 2006 - second round of ticket sales
• February 1, 2007 - last round of ticket sales

2007 Ticket Price Structure:

• Early Bird Tickets - $75, Overall Qty to be sold - 300
• Open Registration - $150, Overall Qty to be sold - 450
• I love ShmooCon Tickets - $300, Overall Qty to be sold 50

Christmas Themed Hacker Challenge

Ed Skoudis's Christmas Themed Hacker Challenge...

"Hey, challenge fans! To close out the year, I've posted a Christmas-themed hacker challenge, this one based on the movie, A Christmas Story. You remember that one... with the Messy Marvin kid, the interesting lamp, and the Red Rider Beebee gun. In this challenge, you get to help Ralphie explore his Old Man's network, trying to retrieve a copy of his parent's Christmas gift list. But, be careful, or else you'll hack your eye out! Entries are due by December 22, when we'll award three winners a copy of my book."

Criminals find way to disable internet

Very interesting post detailing how criminals are hijacking portions of the internet and thousands of sites. The internet hijackers are re-directing sites to one-page spam sites where they collect ad revenue by people clicking on the ads. Sometimes the internet hijackers are just doing it for minutes at a time, other times for hours.

Fun with Google

Example on how to find +55,000 résumés

A Headhunter's dream...

Machines of Loving Grace

It always amazes me that this was written in 1963...

All Watched Over by Machines of Loving Grace,
by Richard Brautigan (1963)

I like to think
(and the sooner the better!)
of a cybernetic meadow
where mammals and computers
live together in mutually
programming harmony
like pure water
touching clear sky.

I like to think
(right now, please!)
of a cybernetic forest
filled with pines and electronics
where deer stroll peacefully
past computers
as if they were flowers
with spinning blossoms

I like to think
(it has to be!)
of a cybernetic ecology
where we are free of our labors
and joined back to nature
returned to our mammal
brothers and sisters
and all watched over
by machines of loving grace.

psiphon to be released December 1st 2006

psiphon is a human rights software project developed by the Citizen Lab that allows citizens in uncensored countries to provide unfettered access to the Net through their home computers to friends and family members who live behind firewalls of states that censor.

Read about and download it HERE

A Couple of Free Password Generators

http://password.10try.com/

or

http://www.winguides.com/security/password.php

$3 Pen-Sized Digital Camera

How can you go wrong for $3 bucks? Stocking Stuffer here I come!

Check out the DigiCam's specs:

• Sensor Type: CIF/CMOS
  
  
• Interface Type: USB
  
  
• Resolution: 640x480 VGA
  
  
• Video: 9 fps hi-res, 20 fps low-res
  
  
• Memory: 2Mb – 20 to 80 images
  
  
• Dimension: 4.9" x 1.2" x 0.8"
  
  
• Batteries: AAA x 2 Alkaline Batteries
  
  
• Battery Capacity: Continuous Snapshots for 2 hours
  
  
• Stand-by can work about 2 weeks
  
  
• USB Power: When connected the camera draws its power from PC
  
  
• Viewable Angle: 54 degrees

Holidays are for Kids...

How easy is it to pick a lock you ask? Most locks you come in contact every day are so easy even a 9 year old child can pick a lock their first time if you show them how!

Watch this short video! 9 Year Old Lock Picker

Happy Thankgiving!

'Worm' attacks Second Life world

Virtual world Second Life had to close its doors for a short time on Sunday after a worm attack called grey goo.

The self-replicating worm planted spinning gold rings around the virtual world, which is inhabited by more than a million users.

Players treated the attack with a mixture of mirth and anger.

"Can this game get any more unpredictable and exciting?" asked one user, Loretta Lurra on the official Second Life blog.

As users interacted with the rings they replicated, resulting in a slowdown on the servers used by Second Life's creators Linden Lab, in California.

Second Life has become one of the most talked about developments in cyberspace in recent years.

Panty Raid

Portland Officer in Panties Case Admits, Resigns

ELIZABETH SUH
The Oregonian (Portland, Oregon)

A Portland police officer pleaded guilty Monday to two counts of official misconduct for asking two women to show him their underwear during a traffic stop in July.

In a plea bargain, John Alexander Wood, 31, agreed to resign, have his police certification revoked immediately and face two years of probation and 100 hours of community service.

Portland Police Chief Rosie Sizer said in a news conference that she was disturbed to learn of the allegations and praised the complaint and review system that acted swiftly to investigate.

The two women reported the incident to police July 26, five days after it happened. Police encouraged the women to file a complaint with the Independent Police Review Division. After the women did so, detectives began a separate investigation and Wood was placed on paid administrative leave. Wood was hired as a Portland police officer in January 2003 and was working as a district patrol officer at the time of the incident.

In the course of investigation, detectives contacted a third woman who also said that Wood asked her repeatedly to show him a tattoo on her groin.

"Community members should be able to trust sworn police officers," Sizer said. "It is my hope that the community will view this as the isolated case it was."

The Oregonian is not naming the two victims.

In a hearing Monday afternoon before Multnomah County Circuit Judge Jean Kerr Maurer, one of the women, who is from Spokane and in her early 20s, spoke of how the traffic stop plagues her every day.

"I have trouble sleeping, and I am still unable to drive at night alone," the woman said, reading from a prepared statement. "Every time I see a law enforcement official, I feel as though I can't breathe and I start to feel nauseous."

Wood wrote letters of apology to the two women, who read them after the hearing, said their attorney, John Allison.

The women told detectives they had spoken with Wood as they were leaving Dukes, a nightclub in East Portland, in the early morning hours of July 21, according to interview records released by police. Wood was in the parking lot in a marked patrol car.

The women claim Wood pulled them over while they were driving home on Interstate 205 at about 3:15 a.m. and told them to lift their skirts and show him their underwear or he would take them to jail for driving under the influence. The women said that Wood also asked them if they had breast implants and if they shaved their pubic hair.

The women said they complied with Wood's requests and he concluded the stop without writing a ticket.

Wood initially denied all allegations in interviews with detectives, saying he had contact with the three women but had not made inappropriate demands.

Allison, the attorney, said Wood couldn't be charged with sexual assault because he didn't touch the women. But, Allison said, Wood made a "full and complete admission" of his crimes in his letter to the women.

In the second incident, which occurred shortly after the first, a woman said Wood approached her and her boyfriend while they were parked in a van outside Ventura Park at Southeast 113th and Pine streets, according to police interviews.

She said she showed Wood a tattoo on her groin three times after he asked to see it under threat she would go to jail for failing to have proper identification on her. The woman is now in custody at the Multnomah County Detention Center for an unrelated probation violation.

Wood is the second law enforcement officer to come under scrutiny recently for inappropriate demands during traffic stops.

A criminal investigation begun in November 2004 found that Multnomah County Sheriff's Deputy Christopher Green asked several women he stopped to either lift their shirt up, remove their bra or unzip their pants while pretending he was searching for a suspect with a flower tattoo. The inquiry also showed Green lied about what he did when questioned by a supervisor.

Green remains on paid leave as the Oregon Department of Public Safety, Standards and Training board considers revoking his police certification. The Multnomah County district attorney's office also has renewed a criminal inquiry into Green's actions.

Game Consoles - High Risk?

Gartner: Crims will use PS3 to crack crypto

That's the opinion of Gartner's Steve Prentice, voiced yesterday at the firm's ITxpo/Symposium in Sydney.

Prentice said PlayStation 3 will pack an impressive 207 teraflops of power under its slim hood when released locally next year. By comparison, his research indicates that the .entry level. machine from supercomputer Cray offers 230 teraflops.

"There will be millions of PlayStation 3's sold, and they will all be online," he said, predicting that the sheer computing power available between the machines will be among the largest and most powerful computers ever assembled.

That power, he believes, will attract criminals.

Hole-in-wall thief used MP3 player

A UK thief outwitted sophisticated banking security systems by using an ordinary MP3 music player to bug cash machines and steal customers’ credit card secrets.

Maxwell Parsons, 41, was the central figure in a gang who went on to steal goods worth hundreds of thousands of pounds in high street stores across Britain.

The banking industry was so alarmed by the gang’s method, believed to be unique in this country, that they immediately moved to plug the technological loophole.

Parsons, a well-known criminal figure, was jailed for 32 months after pleading guilty at Minshull Street Crown Court to deception and unlawful interception of a public telecommunications transmission.

The fraudster learnt how to carry out the fraud from the example set by criminal gangs in Malaysia where the method of fraud was used with devastating effect against the banking system.

Parsons or other gang members would use MP3 portable music players to record data transmitted from free-standing ATM cash machines. The data was then converted to readable numbers using a separate computer programme.

Friday Fun - Reflecto-porn

Instances Reflecto-porn have been growing on sites such as eBay. The idea is that you photograph something whilst wearing your birthday suit and ensure that an image of your nether regions appears reflected in a mirror or the product - e.g. a kettle - that you’re trying to sell.

Examples and more info here.

Medusa Parallel Network Login Auditor

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible.

More info and download here.

Skill Crane from ShmooCon Lives!

At last year's ShmooCon they had the Hacker Arcade with a skill crane that was hooked up to a PC and available to control over the local wireless network and the Internet. Someone ended up winning most of the skill crane prizes by writing an automated script to hit every spot. I won a Shmoo ball from the dang thing (the old fashion manual way) and now its back online.

Cypherpunks: Its A Word

The Oxford English Dictionary has added cypherpunk. Along with bling, Disneyfied and hard-ass.

Info Sec Search Site - 100 Resources and Counting

After some more research and digging, www.searchinfosec.com now presents results from over 100 quality security resources, from a single search box.

Boarding Pass for one Bin Laden/Osama

A computer security student says terrorists would have no trouble getting around the government’s no-fly list, and to prove it he set up a Web site (it’s down now) that prints fake boarding passes.

The passenger name on the fake boarding pass is “Bin Laden/Osama,” although travelers can put in their own name — or a fake one — and change the flight information, too.

Christopher Soghoian, a 24-year-old doctoral student at Indiana University, said he set up the site to prove that the Transportation Security Administration isn’t taking airline security seriously.

Soghoian said terrorists on the no-fly list could use a fake boarding pass to avoid the no-fly list because IDs are only checked when the passenger passes through TSA screening. So someone could use a fake boarding pass with an ID that matches and get through the screening.

Soghoian said he built his Web site to mimic Northwest Airlines boarding passes because he had one handy after flying Northwest earlier this week. He said he has nothing against the airline.

Soghoian said the fake boarding pass couldn’t get anyone onto a flight — as long as the airline’s computers were working — because the bar code wouldn’t match the other information on the pass.

At his blog he relates the tale of FBI visits following publication of his jest and his current status.

Q&A: Why Metasploit Publishes Hacker Tools

H.D. Moore, Metasploit founder, developer, and researcher talks about why it's important to publish security exploits, his organization's relationship to the cops, and more.

Certification Top 10 Lists Revisited

This is from CertMag.com and is getting a good bit of coverage. Go and see where your certs fit and plan you next few.

Here's the winners:

Best Hands-On Programs: Certified Professional Information Technology Consultant (CPITC)
Best Supporting Materials: (ISC)2 Certified Information Systems Security Professional (CISSP)
Best Specialty Certifications: Brocade Certified SAN Designer (BCSD)
Toughest Recertification Requirements: Cisco Certifications
Best Vendor-Neutral Credentials: Building Industry Consulting Services International (BiCSi)
Most Technically Advanced Programs: (ISC)2 Certified Information Systems Security Professional (CISSP)
Best New Programs or Certs: (ISC)2 Associate Program
Best Entry-Level Certifications: Certified Wireless Network Administrator (CWNA)

MySpace Predator Caught by Code

Five months ago, Wired News senior editor and former hacker Kevin Poulsen whipped up 1,000 lines of computer code that scoured MySpace’s 1 million plus profiles for 385,932 registered sex offenders in 46 states.

Kevin did a praiseworthy job. His detailed article at Wired is here.

Secure Future

Ophcrack LiveCD v.1.1.3 released

A new version of the LiveCD with the latest version of ophcrack 2.3.3 as well as bkhive2.

List of Podcasts with a 'Security" Focus

Name: PaulDotCom Security Weekly
Main Subject: anything related to computer security
Format: Casual
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: mobile malware, hacking ATM machines, tool that allows for hosts to communicate over wireless without being associated, Spamhaus in trouble, Filtering IM for kids, Hacking Web 2.0 Applications with Firefox
Justification: All kinds of good stuff week after week. Highly recommended.
Rss Link: http://pauldotcom.com/podcast/psw.xml

Name: Security Now!
Main Subject: computer security and basic technology concepts
Format: Formal
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: Parallels, Virtual PC, Application Sandboxes, Blue Pill, Vista's Virgin Stack
Justification: Despite the fact that Steve Gibson is a total tool who proves repeatedly that he knows alot less than he thinks he does, the show still touches on a number of interesting subjects that are worth tuning in for.
Rss Link: http://leoville.tv/podcasts/sn.xml

Name: Binary Revolution Radio
Main Subject: hacking, phreaking, computer security
Format: Casual
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: Toorcon, IPv6, Covert Channels, Phishing, Tunneling
Justification: Less organized but offers fresh information and interesting discussion each week
Rss Link: http://www.binrev.com/radio/podcast/

Name: PLA Radio
Main Subject: Phreaking
Format: Very Casual
Approx. Updates Per Month: 1 to 2
Recent Subjects Covered: Free Phone Calls, Beige Boxing, Deaf Relay Operators (IP Relay), Social Engineering
Justification: Covers topics related to "phone hacking". While the format is a bit strange, some of the older episodes had me laughing uncontrollably and are worth a listen.
Rss Link: http://www.phonelosers.org/rss.xml

Name: Off The Hook
Main Subject: General technology, phreaking, politics
Format: Semi-formal
Approx. Updates Per Month: 4 to 5
Justification: This show, hosted by Emmanuel Goldstein, has been running since the 80's and has become somewhat legendary in the Hacking and Phreaking communities as it's been there to document the evolution of technology. Definitely worth a listen.
Rss Link: http://www.2600.com/rss.xml

Name: SploitCast
Main Subject: new vulnerabilities, exploit code, security and technology news
Format: Casual
Approx. Updates Per Month: 1 to 4
Recent Subjects Covered: Interview with Johnny Long, ping tunneling, sensitive data on stolen laptops, Zfone, high level ISP hacks, darknets
Justification: They haven't been releasing much lately, but their episodes are usually pretty interesting. I can't find any other podcasts that discuss exploit code in great detail.
Rss Link: http://sploitcast.libsyn.com/rss

Name: Blue Box: The VoIP Security Podcast
Main Subject: VoIP Security, of course
Format: Semi-casual
Approx. Updates Per Month: 3 to 6
Recent Subjects Covered: Skype security news, interviews, VoIP fraud, recent vulnerabilities
Justification: Covers some great VoIP-related security-centered information.
Rss Link: http://feeds.feedburner.com/BlueBox

Name: TWAT Radio
Main Subject: All things technology with a slight security focus
Format: Casual
Approx. Updates Per Month: 10+
Recent Subjects Covered: Newsgroup readers, Wireless attacks for dummies, Eggdrop, Wake On Lan, Network Recon, VPNs, The GIMP, Cygwin
Justification: Covers a great deal of different technology subjects
Rss Link: http://www.twatech.org/wp-feed.php

Name: Basenet Radio
Format: Casual
Approx. Updates Per Month: 2 to 4
Justification: Underground feel, great information
Rss Link: http://www.basenetradio.net/rss2.xml

Name: LugRadio
Main Subject: Linux and Open Source
Format: Casual
Approx. Updates Per Month: 0 to 2
Recent Subjects Covered: the Portland Project, trusted computing, comparison of Linux distributions, Software Freedom Day
Justification: Possibly the most popular Linux-related podcast
Rss Link: http://www.lugradio.org/episodes.rss

Name: The Linux Link Tech Show
Main Subject: The cutting-edge in Linux-based technology
Format: Casual
Approx. Updates Per Month: 4
Recent Subjects Covered: Linux Home Automation, OpenWRT, Asterisk, Debian vs Mozilla, DRM
Justification: Lots of good Linux-related information
Rss Link: http://www.thelinuxlink.net/tllts/tllts.rss

Name: StillSecure, After all these years
Main Subject: All things related to information security with a focus on a business environment
Format: Formal
Approx. Updates Per Month: 2 to 5
Recent Subjects Covered: Interview with Steve Hanna of Juniper Networks, TCG/TNC, The IETF, 3rd party patching
Justification: This podcast includes some great interviews and information centered around enterprise security
Rss Link: http://clickcaster.com/clickcast/rss/1653

Name: Symantec Security Response Podcast
Main Subject: Security updates
Format: Formal
Approx. Updates Per Month: 2 to 4
Justification: A consistent source of security updates - great for people who are charged with defending a network for a living
Rss Link: http://www.symantec.com/content/en/us/about/rss/sr/sr.xml

Name: Network Security Blog
Main Subject: Network Security…
Format: Formal
Approx. Updates Per Month:
Rss Link: http://www.mckeay.net/secure/index.xml

How to use your PC and Webcam as a motion-detecting and recording security camera

Web site Simplehelp has a tutorial for setting up your own motion-detecting security camera - all you need is a PC, a webcam, and a free, open source program called Dorgem.

Simplehelp's instructions are very detailed, and in the end you should have a security camera that can, for example, take pictures of intruders and upload them to a remote location via FTP (just in case the computer gets stolen). Or maybe you'll just end up with a lot of pictures of your son doing things in front of your computer that you never wanted to know about. Either way (well - not so much the second way), this is pretty cool. Works on Windows 98 and up.

How to use your PC and Webcam as a motion-detecting and recording security camera [Simplehelp]

Hacking the Hacker

This "Hacker" site has Kevin Mitnick's "Art of Deception" book in pdf format. Kind of seems a little ironic...

VoIP Scanning

Interesting post on VoIP scanning...

What’s seems to be happening is that someone in France (from the IP address 82.234.27.188 from all the reports I’ve seen) is trying to find insecure SIP devices. They’re doing this by trying to make a call to 0033147310370, which appears to be a Fax machine or modem of some type in France. It’s a bit silly, actually, as ‘00′ isn’t a valid International code in lots of places - here in Australia, for example, the international dial prefix is ‘0011′, and in the US it’s ‘011′, so it’s always going to return a 404 here, no matter even if I do have a misconfigured device.

Full story here.

Friday Fun - DVD Rewinder

Time to start Christmas shopping! Get yours here.

Are you ready for HD-DVD? How about Blu-Ray? The DVD Rewinder works with any format! These new technologies can't get one up on this amazing device. Get your friends, and family out of the doldrums with the best and unique gifts on the internet. We are expanding our product line with truly unique and hard to find items.

Non-Encrypted Hall of Shame

A list of companies who did not take prudent steps to guard their personal information.

Shopping Mall Security in the year 2017

Chris Oakley’s experimental short film, “The Catalogue” is a video scenario of what a shopping mall’s security would be like with the implementation of RFID tags used for real-time surveillance.