Crooks, Trojans & Mules

Interesting report from finjan.

In the third issue of its Cybercrime Intelligence Report for 2009, Finjan shows how cybercrooks used a combination of Trojans and money mules to rake in hundreds of thousands of Euros and to minimize detection by the anti-fraud systems used by banks. After infection, a bank Trojan was installed on the victims’ machines and started communication with its Command & Control (C&C) server for instructions. These instructions included the amount to be stolen from specific bank accounts and to which money mule-accounts the stolen money should be transferred. The use of this Anti anti-fraud method signals a new trend in cybercrime.

OWASP Podcast Series #41

David Rice, is an internationally recognized information security professional and an accomplished educator and visionary. For a decade he has advised, counseled, and defended global IT networks for government and private industry. David has been awarded by the U.S. Department of Defense for “significant contributions” advancing security of critical national infrastructure and global networks. Additionally, David has authored numerous IT security courses and publications, teaches for the prestigious SANS Institute, and has served as adjunct faculty at James Madison University. He is a frequent speaker at information security conferences and currently Director of The Monterey Group.

Listen

A Stick Figure Guide to the Advanced Encryption Standard (AES)

A very nice explanation of AES, even has example code with it...

Man sues BofA for "1,784 billion, trillion dollars"

More Friday Fun!

Dalton Chiscolm is unhappy about Bank of America's customer service -- really, really unhappy.

Chiscolm in August sued the largest U.S. bank and its board, demanding that "1,784 billion, trillion dollars" be deposited into his account the next day. He also demanded an additional $200,164,000, court papers show.

Reuters story here.

Friday Fun with the DataLoss database

The DataLoss folks have come with some fun ways of querying their data.

Start here.

Couple's Lawsuit Against Bank Over Breach To Move Forward

So who is responsible the Bank/FI or the end user?

A U.S. District Court ruling in a lawsuit against a bank over a hacked online account has raised thorny questions about who's ultimately responsible for the breach of a customer's account.

An Illinois district court denied Citizens Financial Bank's request to dismiss a lawsuit that charges the bank was negligent in protecting a couple's bank account after their user name and password were stolen and used to pilfer $26,000 from their account. The ruling lets the couple, Marsha and Michael Shames-Yeakel, continue with their lawsuit, mostly based on their allegations that the bank failed to properly secure their account.

Full story here.

What Star Trek Predicts About The Future of Information Security

This is great and the future might be now...

ShmooCon 2010 - Registration

Important Dates and Deadlines

* November 1, 2009, Noon EDT - first round of ticket sales
* December 1, 2009, Noon EST - second round of ticket sales
* January 1, 2010, Noon EST - third and final round of ticket sales

Don't Copy That 2 (Official Sequel to Don't Copy That Floppy)

In this sequel to 1992's "Don't Copy That Floppy," MC Double Def DP continues his crusade against piracy in the digital age. Brought to you by SIIA (formerly SPA).

What do you think?

Cyber War Gets Its Own Museum Show

The International Spy Museum in Washington plans will launch a cyber war show dubbed Weapons of Mass Disruption next month.

The show will be heavy on video interviews with folks such as Director of National Intelligence Dennis Blair; former Special Advisor to the President on Cyber Security Richard A. Clarke; Lee Hamilton, co-author of The 9/11 Commission Report; Sen. Christopher "Kit" Bond, vice chairman of the Senate Select Committee on Intelligence; and R. James Woolsey, former CIA director.

Story here.

Spy Museum

Vista/2008/Windows 7 SMB2 BSD 0Day

Is this not a one big "Well Duh"?

If you are not blocking 445 then... you have more problems than this one...

From SANS -

"We have received a report from Tyler that a vulnerability affecting Microsoft SMB2 can be remotely crashed with proof-of-concept code that has been published yesterday and a Metasploit module is out.

We have confirmed it affects Windows 7/Vista/Server 2008. The exploit needs no authentication, only file sharing enabled with one 1 packet to create a BSOD. We recommend filtering access to port TCP 445 with a firewall.

Windows 2000/XP are NOT affected by this exploit."

Free Book

Download Vulnerability Management for Dummies.

Have Skimmer, will Travel

Police in New Zealand have apprehended two Bulgarian nationals in Nelson overnight. The Bulgarians have been charged with carrying out data-skimming attacks on ATM machines in Nelson and Canterbury, the NZPA has reported on September 4. Reportedly, the police investigation is still ongoing, with authorities trying to determine whether the pair were successful in their scheme, and if so, to assess the damages.

More here.

Weaponizing the Web from DEFCON

Shawn Moyer and Nathan Hamiel spent some time last year looking at this problem as it related specifically to social networks. This year, they talk about a previously unnoticed attack vector for lots and lots of web applications with user-generated content, and releasing a handy tool to exploit it.

Shawn Moyer and Nathan Hamiel: Weaponizing the Web (DefCon 17) from Vim EeeeOOO on Vimeo.

Happy Birthday INET

September 2, 1969, ARPANET, the forerunner of INTERNET was developed when two computers at University of California, Los Angeles were connected on an experimental military network by a team at UCLA.

Wikipedia ARPANET Timeline

Wachovia Banking Wizard - XSS - PoC

Full Disclosure

United Breaks Guitars

Song 1



Song 2

XSS AF

For the past five months, a website for investment services giant Ameriprise Financial contained bugs that allowed even low-level criminals to inject malicious content into official company webpages and steal user's cookies, according to Russ McRee of HolisticInfoSec.org who first identified the bugs.

Register story here.

Amex cardholders' data stolen by employee

American Express Co. spokeswoman Susan Korchak said a "relatively small portion" of card members was involved, but declined to be more specific.

The small portion included me! I got the letter early this week. No new card, just told to keep an eye on things...

The former employee has been arrested and the company is investigating how the data was obtained, she said.

AP story here.

Hack? What Hack?

Ex-worker accused of hacking into Mt. Airy computers using co-workers’ IDs to access computer from his residence.

A lot of things are wrong here, but not much hacking...

Leo Harry Hornbaker III, 37, of Bodle Road, a former employee at the Monroe County casino, is accused of using other employees’ user names and passwords to access the casino’s computer from his residence, according to arrest records filed by the state police Bureau of Criminal Investigations Unit.

Story here.

Top 10 most notable Black Hat/Defcon stories

Nice list... I would put Cloud Computing high on the list as folks seem to be jumping before they look.

Malicious Insiders with Ties to the Internet Underground Community

From March, this report (.pdf) is the second in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab.

Credit Hackers - from DefCon w/Love

Christopher Soghoian is a fellow at Harvard’s Berkman Center. His paper highlights several approaches perfected by credit hackers.

Jackie Chan's Kaspersky Ad/Comercial - kind of cool, kind of...

Mitnick the victim?

On the eve of the Black Hat security conference, malicious hackers posted a 29,000-line file detailing embarrassing attacks that took complete control of servers and websites run by several high-profile security researchers, including Dan Kaminsky and Kevin Mitnick.

Karma?

Register story here.

Prankster Gets Verizon's CEO Private Address, Visits Him to Discuss Privacy

John Hargrave tracked down Verizon CEO's private address and cellphone number. Then he went to his home—megaphone in hand—to ask him to stop Verizon's lousy privacy policies.

One In Two Security Pros Unhappy In Their Jobs

This U?

You'd think most professionals in a hot industry like IT security would feel content and challenged technically and creatively in their jobs -- but not so much. According to the results of a new survey that will go public next week at Defcon in Las Vegas, half of security pros aren't satisfied with their current jobs, and 57 percent say their jobs are neither challenging nor fully tapping their skills.

Full story.

Australian engulfed in flames after being Tasered

Who brought marshmallows?

A man whose relatives say had been sniffing gasoline burst into flames after a police officer Tasered him as he ran at officials carrying a container of fuel, police said Tuesday.

The man, identified by his family as 36-year-old Ronald Mitchell, was in critical condition at a Perth hospital in Western Australia state following Monday’s incident in Warburton, an aboriginal community 950 miles (1,540 kilometers) northeast of Perth.

Western Australia police said they were responding to a complaint at a house when Mitchell ran outside carrying a cigarette lighter and a large plastic bottle containing what they believe was fuel. When he refused to stop running toward them, one officer Tasered him, police said in a statement.

The man was immediately engulfed in flames. The officer threw him to the ground and smothered the blaze with his hands, the statement said. Mitchell was charged with assault to prevent arrest and possession of a sniffing substance.

More here.

"sudo make me a sandwich"

Wireshark 1.2.1 released

Mostly vulnerability and big fixes...

Official releases are available right now from the download page.

Is SecCon doomed?

Officials to probe color-coded terror alert system...

The Homeland Security Department will review and possibly replace the often-ridiculed multicolored terror alert system created after the Sept. 11, 2001 attacks. Since it was created in 2002, the system has been confusing and became the butt of jokes by late-night television comics.

Critics have said assigning different categories to different colors is too vague an approach to deliver enough information to be useful. And Democrats said the Bush administration used it for political manipulation.

Homeland Security Secretary Janet Napolitano appointed a task force Tuesday to determine in 60 days how effective the current system is.

More here.

Caffeine may stop Mad Cow

"Drinking five cups of coffee a day could reverse memory problems seen in Alzheimer's disease, US scientists say."

More here.

The Security Onion LiveCD

The Security Onion LiveCD is now available! You can download it from the following location:
http://distro.ibiblio.org/pub/linux/distributions/security-onion/

What is it?
The Security Onion LiveCD is a bootable CD that contains software used for installing, configuring, and testing Intrusion Detection Systems.

What software does it contain?
The Security Onion LiveCD is based on Xubuntu 9.04 and contains Snort 2.8.4.1, Snort 3.0.0b3 (Beta), sguil, idswakeup, nmap, metasploit, scapy, hping, fragroute, fragrouter, netcat, paketto, tcpreplay, and many other security tools.

More City Fun - City asks applicants for Internet passwords

Job applicants with the City of Bozeman are finding that those private Internet discussions and pictures may not be so private after all. The city is asking job seekers for the user names — and passwords — to Internet social networking or Web groups they belong to. The decision is sparking an outcry from those who say the policy goes way too far.

Read more here.

Public Safety - City's dress code requires underwear!

If you want to work for the city of Brooksville, be sure that you use deodorant, that your clothes fit properly and that you cover up your wounds and tattoos. And, for goodness sake, wear underwear.

The Brooksville City Council approved a dress and appearance policy by a count of 4-1 this month, with only Mayor Joe Bernardini casting the dissenting vote. He questioned how the code would be interpreted and enforced.

This could be a job opportunity - undercover Underwear Inspectors!

Full story here.

Wireshark 1.2 Released

Wireshark 1.2.0 has been released. This is the new stable release branch of Wireshark and many new and exciting features have been added since 1.0 was released.

Universal wireless keyboard sniffer: Keykeriki

Kind of a cool thing... "This opensource hardware and software project enables every person to verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purpose only)."

Securing your assets.

A MIRACLE new smart-bra that BOOSTS a woman's cleavage when she feels sexy is being tested by lingerie designers.

The magic bra detects changes in body temperature brought on by sexual arousement and squeezes boobs together to create a bigger cleavage.

Then when things cool off again the bra's built-in memory relaxes the fabric and the wearer's bust returns to normal, say its Slovenian inventors.

“Designer Suzana Gorisek said: "As a woman's body changes, so the size of the bra changes. That's the advantage of this bra."

More here.

ATM malware used in Russia lets attackers control machines.

Rhetorical question, but why would any sane person use Windows XP for an ATM???

"Trustwave investigators said malware used in several ATM breaches in Eastern Europe allows attackers to take over the machines and dump cash from them.

The compromised ATMs ran Microsoft's Windows XP, but Trustwave can't disclose the ATM software the malware targets, Percoco said."

(IN)SECURE magazine

DOWNLOAD ISSUE 21 here (June 2009).

Couple highlights -

* Using Wireshark to capture and analyze wireless traffic
* Q&A: Ron Gula on Nessus and Tenable Network Security
* Lots more, nice issue...

Using the DATALOSSdb info, Voltage releases data breach map

Kind of cool…

http://www.voltage.com/solutions/data-breach/

You can embed the map on a web page if you are so inclined...

WNLA and Weaknet Labs Fundraiser

WeakNet Labs have announced a very cool fundraiser. They are offering WeakNet Linux Version 2.0 (WNLAv2) installed on a 4GB live USB drive for $25. All the profits from sales go to Hackers for Charity. More here.

Kids at work

Nice, makes all the other kids at work days look a little lame... But there is always next year! More than 40 children were shocked with stun guns on Take Our Daughters and Sons to Work Day.

During demonstrations at two prisons on April 23, children aged between five and 17 held hands in a circle and one was shocked with a stun gun, passing the shock around the circle. At another prison, children were shocked individually.

None was seriously hurt or taken to hospital, the state’s Department of Corrections said.

Memorial Day 2009

Take some time today to reflect on those who have given the ultimate sacrifice for our freedom. Share a story about someone you know who died while serving our country. We will always treasure those who serve...

How not to secure your future...

Passer-by pushes suicide jumper in south China

BEIJING – Chen Fuchao, a man heavily in debt, had been contemplating suicide on a bridge in southern China for hours when a passer-by came up, shook his hand — and pushed him off the ledge.

Chen fell 26 feet (8 meters) onto a partially inflated emergency air cushion laid out by authorities and survived, suffering spine and elbow injuries, the official Xinhua News Agency said Saturday.

The passer-by, 66-year-old Lai Jiansheng, had been fed up with what he called Chen's "selfish activity," Xinhua said. Traffic around the Haizhu bridge in the city of Guangzhou had been backed up for five hours and police had cordoned off the area.

"I pushed him off because jumpers like Chen are very selfish. Their action violates a lot of public interest," Lai was quoted as saying by Xinhua. "They do not really dare to kill themselves. Instead, they just want to raise the relevant government authorities' attention to their appeals."

IT Security Podcast Links

Nice list of security related podcasts by GETMON.

Mandiant Highlighter 1.1.1 is out

Lots of nice enhancements.

Get it here.

be back soon...

10 reasons websites get hacked

List of top 10 web vulnerabilities classified by OWASP, here with a description of the problem and some examples.

Wait there is more! NSA is on your computer!

NSA LIKELY READING WINDOWS SOFTWARE IN YOUR COMPUTER

Sooner or later, a country that spies on its neighbors will turn on its own people, violating their privacy, stealing their liberties.

President Bush’s grab for unchecked eavesdropping powers is the culmination of what the National Security Agency(NSA) has spent forty years doing unto others.

And if you’re upset by the idea of NSA tapping your phone, be advised NSA likely can also read your Windows software to access your computer.

European investigative reporter Duncan Campbell claimed NSA had arranged with Microsoft to insert special “keys” in Windows software starting with versions from 95-OSR2 onwards.

And the intelligence arm of the French Defense Ministry also asserted NSA helped to install secret programs in Microsoft software. According to France's Strategic Affairs Delegation report, “it would seem that the creation of Microsoft was largely supported, not least financially, by NSA, and that IBM was made to accept the (Microsoft) MS-DOS operating system by the same administration.” That report was published in 1999.

The French reported a “strong suspicion of a lack of security fed by insistent rumours about the existence of spy programmes on Microsoft, and by the presence of NSA personnel in Bill Gates’ development teams.” It noted the Pentagon was Microsoft’s biggest global client.

And heck, who wouldn't belive the French?

More here.

Because George said NO!

More on GW's spying program -

According to documents released by lawmakers on Monday, major U.S. telephone carriers refused to answer questions from the Democratic-led Congress about their possible participation in President George W. Bush's warrantless domestic spying program...

More...

Pre-9/11 wiretap bid is alleged

Why is this a surprise to anyone?

A former Qwest Communications International executive, appealing a conviction for insider trading, has alleged that the government withdrew a $200-million contract after Qwest refused to participate in an unidentified National Security Agency program that the company's top lawyer said was illegal.

Nacchio's account, which places the NSA proposal at a meeting on Feb. 27, 2001, suggests that the Bush administration was seeking to enlist telecommunications firms in programs without court oversight before the terrorist attacks. The Sept. 11 attacks have been cited by the government as the main impetus for its warrantless surveillance efforts.

More here.

Same church different pew...

http://www.wired.com/science/discoveries/news/2006/04/70619

The Breach Blog

The Breach Blog has an interesting compilation of recent security breaches.

18th episode of The Silver Bullet Security Podcast

Gary talks with Dr. Eugene Spafford, better known as “Spaf.” Spaf is a professor of computer science and Electrical and Computer Engineering at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS). On this episode, Gary and Spaf discuss the role of software testing in computer security, commercial certifications and whether they obviate the need for academic training, how Spaf feels about so-called “ethical hacking,” and why auditing and compliance is an area of emerging specialization.

The IT Crowd

Season 2 is rolling along and they are are up to Episode Five: Smoke & Mirrors.

Get caught up here.

Tasers in the news...

Officer do the right thing?

Today (9/19) is International Talk Like A Pirate Day

Put a parrot on your shoulder, strap on a peg leg, hit the rum and start bellowing "Shiver me Timbers" -- Wednesday is International Talk Like A Pirate Day.

"Pirates of the Caribbean" star Johnny Depp is not the only over-the-top buccaneer allowed to have fun.

September 19 is your once-a-year chance to don an eye patch, sport a ridiculously large hat and keep on saying "Arrrrr.

It all started back in the 1990s as a cult joke between two American friends -- John "Ol Chumbucket" Baur and Mark "Capn Slappy" Summers -- but really took off when syndicated columnist Dave Barry got to hear about their surreal festival.

Crime does pay!

Internet crime has become a major commercial activity, reveals a report by computer security company Symantec.

The report said cyber crime had become increasingly professional and was now a multi-billion dollar industry.

The underground economy has its own auction sites and marketplaces that sell valuable data such as credit card numbers and bank accounts.

They also sell toolkits for novice cyber criminals who lack technical know-how to craft their own attacks.

BBC story.

Hackers hit US stockbroker TD Ameritrade

Only email addresses? Yea right...

Stock broking firm TD Ameritrade has revealed a breach to one of its databases resulting in the theft of user data.

The company confirmed that, while online account numbers and passwords were not compromised, customer names, email addresses and phone numbers had all been stolen.

The database also contains Social Security numbers, although TD Ameritrade claimed that there is no evidence to suggest that the numbers were among the stolen data.

A spokesperson for the company told vnunet.com that the compromised database stored information on all of the company's 6.3 million customer accounts. It is not yet known how many customers were directly affected.

Story here.

Osama bin Laden, drove a Canadian-flagged motorcade through two security checkpoints in Sydney

Members of an Australian comedy TV show, one dressed as Osama bin Laden, drove a Canadian-flagged motorcade through two security checkpoints in Sydney Thursday before being stopped near a hotel where U.S. President George W. Bush is staying.

The stunt-embarrassed Sydney police had imposed the tightest security measures in the city's history. The Australian city is hosting a summit of leaders from Pacific Rim countries, including Bush and Canadian Prime Minister Stephen Harper, who arrived Thursday.

Police arrested 11 cast and crew from the TV program, The Chaser's War on Everything, and impounded three vehicles, the Australian Broadcasting Corp., which airs the show, said on its website.

Full story here.

The First Amendment, Satellite Imagery and National Security

So what should MS of done?

Recently a photograph appeared on the Internet of the propeller on an Ohio-class ballistic missile submarine at Trident Submarine Base in Bangor. A key to the submarine's ability to deploy and remain undetected, propeller designs have been kept under wraps for years, literally. When out of the water, the propellers typically are draped with tarps.

The propeller image appeared on Microsoft's mapping tool, Virtual Earth. It was discovered accidentally by Dan Twohig, a deck officer with the Washington state ferry service who was using the program to examine real estate on the west side of Puget Sound.

More here.

ShmooCon '08

Start planning now... TSG is happy to announce that ShmooCon '08 will take place at the Wardman Park Marriott in Washington DC, February 15-17.

17th episode of The Silver Bullet Security Podcast

Gary talks with Eric Cole, CEO of Secure Anchor. Eric has written seven books on computer security, including books on steganography and network security. Gary and Eric discuss how to demostrate security ROI in different types of organizations (ranging from government to corporate), the academic approach to security versus practitioner certification models, and what kinds of training makes for good network security practitioners. They also discuss the difficulty of certifying software developers.

How the FBI Wiretap Net Operates

The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.

The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected.

Wired story here.
EFF has the document here.

The Burning Man Project 07

Oh my... Premature burning...

(Black Rock City - August 28, 2007) The Man at the center of Black Rock City will be rebuilt after an overnight fire which damaged the effigy at the center of the Burning Man event. Rebuilding is expected to take about two days.

Black Rock City officials say there was structural damage to the figure of the Man, but relatively little damage to the art and exhibits at the base of the Man. No injuries were reported.

An arson investigation is underway, and one arrest was made shortly after the fire was set. No charges have been announced, and the name of the suspect is being withheld. There has been no discussion of motive in the episode.

Burning Man

No more vacation - Back to work...

Take the back roads when taking the back road...

Adulterers, beware: Your cheatin' heart might be exposed by E-ZPass. E-ZPass and other electronic toll collection systems are emerging as a powerful means of proving infidelity. That's because when your spouse doesn't know where you've been, E-ZPass does.

"E-ZPass is an E-ZPass to go directly to divorce court, because it's an easy way to show you took the off-ramp to adultery," said Jacalyn Barnett, a New York divorce lawyer who has used E-ZPass records a few times.

More here.

Friday Fun - The Vomit-Inducing Flashlight

Picking your favorite non-lethal weapon can be tough. I'm partial to the microwave-based Active Denial System that former PopSci editor Eric Adams had the, er, courage to stand in front of a few years ago. (An experience described in detail here.) Or I might give a nod to the paralyzing, hardening foam that momentarily holds down The Hulk in the 2003 movie, and has been used by the U.S. military with mixed results.

But a California company may be developing the real winner, an LED-based flashlight that shoots out incredibly bright pulses of light, and can potentially induce vomiting. The Department of Homeland Security is funding the study, and Penn State will begin testing it this fall at the Institute of Nonlethal Defense Technology.

Story from Popular Science Blog.

Footprinting/research tool

Evolution is a program that is the brain child of Roelof Temmingh of ex-SensePost fame. It’s a tool that “associates data found in multiple search engines and social-networking Web sites… to find information behind IP addresses, Domain Name System entries, domain registration and more.

William Gibson

The present has recently caught up with William Gibson. The great prophet of the digital future, who not only coined the word 'cyberspace' in his debut novel Neuromancer in 1984, but imagined its implications and went a long way to suggesting its YouTube and MySpace culture, has stopped looking forwards. 'The future is already here,' he is fond of suggesting. 'It is just not evenly distributed.'

More story here.
New book here.

ATM Theft

Louisiana police are on the look-out for three men who staged a 1 AM smash and grab robbery at a Target store. The men rammed a truck through the store's front doors, pulled an ATM from the wall and loaded it into their vehicle as the store's cleaning crew looked on...

Police have located the truck used in the crime, as well as the emptied ATM.

US Border Security

Bush interviewed as a Illegal Jumps the Border - video powered by Metacafe

Well, it is funny anyway...

A "Visit" to Diebold Elections Systems, Inc.

A peek into their deserted, but well-lit, warehouse brought home just how easy it would be for a company employee to take advantage of any number of the myriad sixty-second hacks found to be easily carried out by Election Insiders --- such as Diebold Employees or County Election Officials --- in Bowen's independent penetration report of Diebold's voting systems [PDF].

DEFCON 15 - 12year old Bumping Medeco's Biaxial

This past weekend at DefCon Tobias ran into Jennalynn, a 12-year-old girl who appeared in a YouTube video last year bumping a Kwikset lock. (Jennalynn's mother declined to give her daughter's last name because she preferred not to have it published.) Tobias asked her to try bumping Medeco's Biaxial lock, a more secure lock. She did it three times. Below is a video showing her bumping the lock, with Tobias next to her.

Wifi in the Wall

WEJ-11G-O Wall Box Wireless Access Point/Bridge

$129.95

Usually ships in 1-2 days

The Karo Technology WEJ-11g Series are uniquely designed to fit into a standard wall box and bring the benefits of both wired and wireless connection. The WEJ-11g are full-featured Access Points that support IEEE 802.11b and 802.11g. The WEJ-11g can be installed and configured easily into any new wireless network or integrated within an existing wired network resulting in a more flexible and cost-effective wireless deployment. And, a network administrator can centrally manage the WEJ-11g Series via a Web browser or an SNMP MIB browser.

Features

• High speed 54 Mbps wireless and/or 100 Mbps wired data rate
• RF transmit power settings (5 levels)
• Auto-channel selection setting
• Security: WEP, WPA-PSK, 802.1x, EAP, TKIP, AES
• MAC address filtering
• Wireless client isolation
• AP load balancing
• Association control
• Hardware watchdog timer
• Extensive management tools via browser-based configuration utility

Fudge Packer Arrested

Shortly after midnight, Thursday morning, the Annapolis Police Department received a call from a clerk at the downtown Maryland House Hotel, who reported that a woman had come into the lobby and said she had been the victim of a sexual assault.

Officers met with Greenbelt resident Catherine Anne Delgado, 35, and determined that her assault claim was unfounded. During the course of their conversation in the lobby, the officers noticed that Delgado, wearing slacks and a sleeveless white blouse, had large slabs of fudge bulging out of her pockets.

“Smudges of fudge showed up very well on her hands and white blouse,” Officer Hal Dalton said. “You don’t see something like that every day.”

More here.

DEFCON 15 - Aug 3-5

Reporter gets snapped...

A LOT OF MAKEUP can make you prettier, but it won't make you smarter. Michelle Madigan, Associate Producer for Dateline NBC found this out the hard way at Defcon.

According to sources at the show, she was there to do a piece called Hackers for Hire, with the goal of showing the criminal hacker underground and possibly outing an undercover fed. As Michelle was said to have said, "People in Kansas would be very interested in what is going on at Defcon". She was busted hours before she walked in the door, the first slide before the keynote was this, and the speaker asked to notify a goon (security) if she was spotted.

Full story here.

Secure your Future - Caffeine and Exercise Can Prevent Skin Cancer

Regular exercise and little or no caffeine has become a popular lifestyle choice for many Americans. But a new Rutgers study has found that it may not be the best formula for preventing sun-induced skin damage that could lead to cancer. Low to moderate amounts of caffeine, in fact, along with exercise can be good for your health.

According to the National Cancer Institute, sunlight-induced skin cancer is the most prevalent cancer in the United States with more than 1 million new cases each year. A research team at Rutgers, The State University of New Jersey, showed that a combination of exercise and some caffeine protected against the destructive effects of the sun’s ultraviolet-B (UVB) radiation, known to induce skin cancer. The caffeine and exercise seemingly conspire in killing off precancerous cells whose DNA has been damaged by UVB-rays.

Get the full story here. Get your caffeine here.

Google Fun - Phone # to map...

Google has implemented a nice little feature where you can type a telephone number into the search bar and if found, you will be given the option to map the related results... If you want to block Google from divulging your private information, simply click on your phone number. Removal takes 48-hours.

Friday Fun - Filled 1,000 gallon pool stolen

Not that big a surprise considering it was NJ. Capt Sullo perhaps or Aliens?

Someone stole 1,000 gallons of water from Daisy Valdivia's backyard. And they didn't spill a drop.

Valdivia woke Wednesday morning to find that her family's inflatable pool, hip high and 10 feet in diameter and filled with water, was stolen from her backyard in the middle of the night. There is no evidence that the water was poured out, pumped out, evaporated or drunk.

Or drunk?

Full story here.

One Laptop Per Child machines for sale this Xmas?

How about one for every one of our deployed military for their own use and let them distribute systems to the kids in the areas that they are in...

The non-profit group that designs low-cost computers for poor children hopes to start selling multimedia laptops to consumers by Christmas, a foundation executive reported on Monday.

The One Laptop Per Child Foundation's rugged XO laptop could initially sell for just $350, or twice its production cost, although the group is also considering a $525 price tag, said OLPC chief technology officer Mary Lou Jepsen.

Exploiting the iPhone

Researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.

Details here.

The Silver Bullet Security Podcast - Show 016

On the 16th episode of The Silver Bullet Security Podcast, Gary talks with Greg Hoglund, who runs the popular rootkit.com, CEO of HB Gary, and co-author of Rootkits: Subverting the Windows Kernel and Exploiting Software. In addition to shameless self-promotion of their new book, Exploiting Online Games, Gary and Greg discuss the natural tendency of certain types of code to allow exploits, how disclosure is a good thing when it comes to revealing exploits, and the use of rootkits by the “good guys.” Greg also makes us concerned that his 11-year-old daughter may 0wn our box.

Web Trend Map 2007 Version 2.0

This very large graphic, is an attempt to map the Internet onto a map of the London Underground rail system (the series of Tubes as a tube-map). There is a ton of info here and some very interesting stuff.

Details and more here.

Adult Film industry fights piracy

Gee, I guess piracy does hurt everyone... According to sources, the adult industry is losing $2 billion a year because of file sharing, pirate servers, hackers, and illegal duplication of its movies.

Incorporated in June 2007, Global Anti-Piracy Agency (GAPA) is an independent, non-profit trade organization with the singular mission of working on behalf of the adult entertainment industry to fight piracy of intellectual property.

Security History for Sale on eBay - Enigma Machine

The Enigma encryption machine was introduced in 1923 by the Chiffriermaschinen Aktien-Gesellschaft (Cipher Machines Stock Corporation). It was used by the Germans to encrypt messages during World War II. With just over eight days left, the current bid is $12,276.99 and the reserve has not been met...

Bid here.

Wikipedia entry.

The Athens Affair

How some extremely smart hackers pulled off the most audacious cell-network break-in ever.

Story here.

Deal of the Day - Dragon Fire 500,000 Volt Stun Gun

Surplus Computers has the Dragon Fire 500,000 Volt Stun Gun (500-K) for $33 with free shipping. It takes two 9V batteries (not included).

Buy here.

Friday Fun - Fake Officer Stops Real One

There were flashing lights atop his SUV and what appeared to be a police badge in his hand, but it was the man he tried to pull over who was the real police detective.

Robert Lane, 25, was arrested Tuesday on charges of criminal impersonation and aggravated unlicensed operation of a motor vehicle, Suffolk County police said.

More here.

Feds use key logger to thwart PGP, Hushmail

A recent court case provides a rare glimpse into how some federal agents deal with encryption: by breaking into a suspect's home or office, implanting keystroke-logging software, and spying on what happens from afar.

cnet story here.

"I've Got Nothing to Hide" and Other Misunderstandings of Privacy

In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the "nothing to hide" argument. When asked about government surveillance and data mining, many people respond by declaring: "I've got nothing to hide." According to the "nothing to hide" argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The "nothing to hide" argument and its variants are quite prevalent, and thus are worth addressing. In this essay, Solove critiques the "nothing to hide" argument and exposes its faulty underpinnings.

F-Secure On Cyber Crime

Mikko Hypponen, Chief Research Officer of F-Secure talks about the various aspects of Crimeware in this YouTube video.

Financial Institutions - the right to conduct a forensic analysis?

What if the user accessed his or her bank account using more than one computer, what if it was a company issued computer?

"However, under New Zealand's new banking code of practice, which came into effect on Sunday, financial institutions will reserve the right to conduct a forensic analysis of fraud victims' computers. If the system lacks operating system updates and security software, they may deny reimbursement claims."

More here.

Bank branch bandit wears tree disguise

Just as the Citizen Bank branch opened Saturday morning, a man walked in with leafy boughs duct-taped to his head and torso, and robbed the place.

CNN video here.

Secure your stuff (Ikea ads)

http://view.break.com/326690 - Watch more free videos

Nothing like another 12 or 16 nuclear ballistic missiles added to the planet.

A shiny new ballistic-missile submarine docked at a naval base in China has been spied publicly for the first time using Google Earth.

The new class of nuclear sub, called the Jin-class, had been rumoured to exist for some time, but the image recently uploaded to Google Earth is the first public glimpse of the vessel.

More here.

Secure Earth - 7.7.07

Friday "Fun" - WabiSabiLabi

Companies such as 3Com's TippingPoint division and VeriSign's iDefense Labs have offered cash for this type of research before, but..

Now a Swiss security firm called WabiSabiLabi has opened a web marketplace for zero-day security vulnerabilities.

According to Herman Zampariolo, CEO of WSLabi, We decided to set up this portal for selling security research because although there are many researchers out there who discover vulnerabilities very few of them are able or willing to report it to the right people due to the fear of being exploited. Recently it was reported that although researchers had analyzed a little more than 7,000 publicly disclosed vulnerabilities last year, the number of new vulnerabilities found in code could be as high as 139,362 per year. Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals.

Researchers can submit their findings to the exchange once they have registered. WSLabi will then verify the research by analyzing and replicating it at their independent testing laboratories. They will eventually then package the findings with a Proof of Concept; this can then be sold to the marketplace via three methods from the marketplace platform:

- Starting an auction, predefined starting price
- Selling to as many buyers as possible at a fixed price
- Selling it exclusively to one buyer

July 4th

U.S. Deaths Confirmed By The DoD: 3583
Reported U.S. Deaths Pending DoD Confirmation: 3
Total: 3586

Full list.

Weekend Warriors - Reverse Engineering

Old, but good...



OllyDbg

Hiew