Blacklisted411 - Online Edition 4 - 01.16.2006

Established over 20 years ago in October of 1983 as the first disk based hacker underground magazine (e-zine), Blacklisted 411 has become not only one of the oldest of the hacker quarterlies available today, but has positioned itself as the top selling print magazine in its market.

hacker. (towards an understanding of a word and a concept)

A very interesting site examining the hacker mythology and history.

Parrot Spilled the Beans and got the Boot

Having a Parrot might be a good home security investment. However, seems like being a whistle blower still has its risks...

Somewhere in Yorkshire, there lurks a proverbially nauseous parrot. Ziggy, an eight-year-old African Grey, had provided Chris Taylor with years of companionship until the fateful day when he opened his beak to mimic his owner's girlfriend and squawked out one word: Gary.

Ziggy's obsession with his latest impression grew and he began uttering "Hi Gary!" every time Suzy Collins' mobile phone rang. Chris's suspicions deepened after Ziggy started to make long kissing noises whenever he heard the name Gary on television or the radio.

Things between Chris and Suzy finally came to a head the night Ziggy decided to blurt out: "I love you, Gary" in her voice.

When Chris confronted Suzy about his pet's obsession, she admitted to having had a four-month affair with Gary, a former colleague.

Unable to bear the verbal taunts of his faithful bird, the 30-year-old computer programmer gave Ziggy to a local parrot dealer and asked him to find him a new home.

Russian Ultranationalist Party Says Hackers Could Help Fight Terror

Hey, maybe if these guys get day jobs they will leave the rest of us alone... (not)

Russia’s ultranationalist Liberal Democratic Party has called for enlisting services of computer hackers to fight extremism and terrorism.

A statement released by the party and obtained by the Interfax news agency on Tuesday read that hackers “should be widely involved in thwarting pro-terrorist and pro-extremist websites and encouraged to take part in such activities.”

Whatever the public attitude towards those individuals, “the Internet is the domain where hackers are omnipotent,” the statement reads. Therefore, their services should be enlisted to fight terrorism. “A hacker attack is a strong weapon that may be used not only for breaking into bank accounts or performing other illegal actions, but also for the benefit of the nation and the state,” the LDPR activists are convinced.

LDPR is led by Vladimir Zhirinovsky, deputy chairman of the State Duma, the lower house of Russian parliament. Zhirinovsky rose to prominence as a flamboyant politician, notorious for his extravagant ideas and eccentric behavior.

Covers come off UK Spy Plane

Raven, Corax, and DarkStar... I just posted this because of all the cool names...

Images of the UK's first prototype stealth surveillance aircraft have been unveiled.

The unmanned vehicle, which has been built by BAE Systems, is known as the Corax, or as the Raven.

The Corax bears some resemblance to a cancelled US military spy plane called DarkStar, analysts have said.

Jane's International Defence Review said the unmanned aircraft "indicated a new direction in combat vehicles for the UK's armed forces".

Insecurities of Online Banking

Symantec's Candid Wuuest has done some interesting research on the insecurities of E-banking, and a nice job in comparing the different security measures next to one another. His slides also provide a lot of useful info on the topic.

More info on the topic an also be found at:

Why eBanking is Bad for your Bank Balance
Risk Management Principles for Electronic Banking

Google + Public Knowledge + Sex Offenders

Enter your address and it will show your house on a map. All the little colored boxes are Sex Offenders near you. Click on them and you get a name, address & picture of the person along with his crime. It also shows you where they live in proximity to your home and the local schools...

OpenRCE

Founded in June of 2005 as the brainchild of Pedram Amini, the Open Reverse Code Engineering community was created to foster a shared learning environment among researchers interested in the field of reverse engineering. Heavily modeled on the architecture of Greg Hoglund's rootkit.com, OpenRCE aims to serve as a centralized resource for reverse engineers (currently heavily win32/security/malcode biased) by hosting files, blogs, forums articles and more.

ShmooCon 06

Just an all around great con/event! After spending all day Saturday at the Wardman Park Marriott I can tell you that there is not a better security event for your $s anywhere...

Compared to what you get for your money at say a SANS and/or a CSI event, ShmooCon is the clear winner.

The Post's Brian Krebs was quick to cover Simple Nomad's chat on "Hacking the Friendly Skies".

Fyodor did a great presentation on Nmap, a copy of his slides and a special ShmooCon dist can be found here.

I also liked kaos.theory and their Anonym.OS LiveCD. Anonym.OS is an OpenBSD 3.8 Live CD with strong tools for anonymizing and encrypting connections. Standard network applications are provided and configured to take advantage of the tor onion routing network. You can download it here.

Charlie Brown's Philosophy About Security

Charlie Brown and Peppermint Patty are sitting under a tree. Peppermint Patty asks Charlie Brown, "What do you think security is, Chuck?"

Charlie Brown: Security is sleeping on the back seat of the car when you're a little kid, and you've been somewhere with your mom and dad, and it's night, and you're riding home in the car, asleep. You don't have to worry about anything. Your mom and dad are in the front seat and they do all the worrying. They take care of everything.

Peppermint Patty: That's real neat.

Charlie Brown: But it doesn't last. Suddenly you're grown up, and it can never be that way again!

Peppermint Patty: Never?

Charlie Brown Absolutely never.

Peppermint Patty (horrified): Hold my hand, Chuck!

Forged Credentials and Security - Crooks Flashing Fake Badges

There doesn't seem to be an easy way to solve this. How do we effectively authenticate individuals? Especially when people aren't trained to do so...

When Frank Coco pulled over a 24-year-old carpenter for driving erratically on Interstate 55, Coco was furious. Coco was driving his white Chevy Caprice with flashing lights and had to race in front of the young man and slam on his brakes to force him to stop.

Coco flashed his badge and shouted at the driver, Joe Lilja: "I'm a cop and when I tell you to pull over, you pull over, you motherf-----!"

Coco punched Lilja in the face and tried to drag him out of his car.

But Lilja wasn't resisting arrest. He wasn't even sure what he'd done wrong.

"I thought, 'Oh my God, I can't believe he's hitting me,' " Lilja recalled.

It was only after Lilja sped off to escape -- leading Coco on a tire-squealing, 90-mph chase through the southwest suburbs -- that Lilja learned the truth.

Coco wasn't a cop at all.

He was a criminal.

Fridays Are For Fun! - Surveillance Video

When the masked man came into the Bethlehem gas station Tuesday night, pointed a knife at him and demanded cash, Kuldip Singh took only a second to realize he was tired of being robbed and was going to fight back.

''Oh, I'll give you the money,'' the store clerk said in mocking tones as he grabbed a wooden baseball bat and swung it at the would-be robber. Singh then charged from behind the counter, hitting the man six times in the head and shoulders before he ran off.

Wish some of the folks on the softball team could hit like this... Video from surveillance camera of an attempted robbery of the Bethlehem (Pa.) Exxon on Tuesday, Jan. 10.

Department of Homeland Security Promotes Vendor Video

The January 4, 2006 Dept. of Homeland Security Daily Infrastructure Report Highlighted a free online vendor video that shows the viewer the tools and procedures they need to hack into a person's computer as well as the vendors solutions/products.

The video is interesting and probably worth a viewing, but what bugs me about this is that DHS is basically giving a free add/plug for a particular vendor...

Burned CDs Last 5 years Max -- Use Tape?

Where is the Beef? It would be nice to have some stats, test results, etc...

Although opinions vary on how to preserve data on digital storage media, such as optical CDs and DVDs, Kurt Gerecke, a physicist and storage expert at IBM Deutschland GmbH, takes this view: If you want to avoid having to burn new CDs every few years, use magnetic tapes to store all your pictures, videos and songs for a lifetime.

But from the land of big glasses and smart dudes we get some different info...

NIST has found that recordable disks seem to last much longer than rewritable disks, Byers said, and even longer than manufactured disks such as CDs for installing commercial software.

General industry guidelines now estimate office-burned copies of CDs and DVDs could remain readable for 100 to 200 years.

Home Security - Flaming Mouse Burns Down House

Damn and it's not even Friday...

FORT SUMNER, N.M. -- You've probably heard of a house fire, but how about a "mouse fire?"

An 81-year-old Fort Sumner homeowner said he caught a mouse inside his house and just wanted to get rid of it.

The man threw the critter in a pile of burning leaves near his home, but it ran back to the house on fire.

Village Fire Chief Juan Chavez said the mouse ran to just beneath a window and the flames spread up the window and throughout the house.

All contents of the home were destroyed, but no injuries were reported, Chavez said.

Unseasonably dry and windy conditions have charred more than 53,000 acres and destroyed 10 homes in southeastern New Mexico in recent weeks.

US-CERT: 5,198 Software Flaws in 2005

Security researchers uncovered a record 5,198 vulnerabilities in software products this year, nearly 38 percent more than the number of flaws found in 2004, according to statistics published by US-CERT, a cyber security information-sharing collaboration between the Department of Homeland Security and the CERT Coordination Center at Carnegie Mellon University in Pittsburgh.

Data Mining 101: Finding Subversives with Amazon Wishlists

Tom Owad at applefritter.com has posted a detailed story on how he was able to use Amazon wishlists to profile thousands of people. By using the search function at Amazon, he accessed and downloaded over 260,000 publicly-available wishlists. He then searched the lists for "suspicious" books and authors, including Fahrenheit 451, Michael Moore, Rush Limbaugh, the Koran/Quran and, of course, Build Your Own Laser, Phaser, Ion Ray Gun and Other Working Space Age Projects.

At this point, Tom had a list of Amazon usernames and had identified any "suspicious" books and authors that appeared on each user's wishlist.

But there was still more to do. Amazon allows a user to include their city and state information on their wishlist, so Tom had the information to take it to the next level: plotting his suspects on a Google map.

Starbucks Little Secret

Here's a little secret that Starbucks doesn't want you to know: They will serve you a better, stronger cappuccino if you want one, and they will charge you less for it. Ask for it in any Starbucks and the barista will comply without batting an eye. The puzzle is to work out why...

Personal Security - USMC: Armor Shortfalls

A recent United States Marine Corps forensic study slams the Interceptor OTV body armor system, claiming "as many as 42% of the Marine casualties who died from isolated torso injuries could have been prevented with improved protection in the areas surrounding the plated areas of the vest. Nearly 23% might have benefited from protection along the mid-axillary line of the lateral chest. Another 15% died from impacts through the unprotected shoulder and upper arm," the report says.

Demonstration of WMF File Code Execution Vulnerability

Want to see how bad this latest Windows vulnerability is first hand? Have a look a this video by IronGeek.