Friday, March 17, 2006

ShmooCon 2006 Follow-Up

Badges: The ShmooCon 2006 Badges were made of Stainless Steel. Some people thought the badges were a bit dangerous, but they were quite tame compared to the original design. There were 20 different badge designs, including Speaker, Staff, Shmoo & Attendee. Finding a complete set to put the puzzle together took a bit of work and the prize went to Grey Frequency who met over 200 attendees and traced badges to put it all together.

Video: Finally starting to get some movies online... Check out the speaker list to see if the movie you're looking for is online yet. They will be posting about 5 movies a day. Hopefully in a week or so they'll all be online.

Thursday, March 16, 2006

A Good List of Live CD Distributions

10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) A good list for those who are interested and haven't seen it...

Wednesday, March 15, 2006

Secure Voice over IP: Zfone

For law-abiding Americans who don't care for those pesky involuntary three-way calls with the NSA, PGP creator Philip Zimmermann has released a new product for encrypting any SIP VoIP voice stream. His first release is Mac & Linux only.

Tuesday, March 14, 2006

Tool Time - USB, FireWire and PCMCIA Scanner

DeviceLock Plug and Play Auditor is a non-intrusive clientless freeware software solution that generates reports displaying the USB, FireWire and PCMCIA devices currently connected to computers in the network and those that were connected. Its multithreaded engine ensures fast, unobtrusive auditing of all activity on any computers in an organization.

Monday, March 13, 2006

The Bookmaker, the Wiz Kid and the Extortionist

Facing an online extortion threat, Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them. If you collect revenue online, you'd better read this.

Saturday, March 11, 2006

Ubuntu

Named after an African word for “humanity to others,” Ubuntu is a completely free distribution (based on Debian) fully developed by the Linux community. While this may be said for other Linux distributions, the real difference is in the ability (or right) that Ubuntu grants you to alter the software in any way that you want. To quote the developers, “Not only are the tools you need available free of charge, you have the right to modify your software until it works the way you want it to.”

Among the other public commitments the Ubuntu team makes, the team promises that the operating system will always be free, and there will be a new release every six months (each release is supported for 18 months).

More info and download here.

Prisoner 151716 of Cellblock 1A

Under the government of Saddam Hussein, Mr. Qaissi was a mukhtar, in effect a neighborhood mayor, a role typically given to members of the ruling Baath Party and closely tied to its nebulous security services. After the fall of the government, he managed a parking lot belonging to a mosque in Baghdad.

He was arrested in October 2003, he said, because he loudly complained to the military, human rights organizations and the news media about soldiers' dumping garbage on a local soccer field. But some of his comments suggest that he is at least sympathetic toward insurgents who fight American soldiers.

"Resistance is an international right," he said.

Weeks after complaining about the garbage, he said, he was surrounded by Humvees, hooded, tied up and carted to a nearby base before being transferred to Abu Ghraib. Then the questioning began.

Read the full story here.

Friday, March 10, 2006

Computer Security Awareness Video Contest Winners

The EDUCAUSE/Internet2 Computer and Network Security Task Force and the National Cyber Security Alliance would like to announce the winners of a computer security awareness video contest, which was held as part of a national campaign to raise awareness of and increase computer security at colleges and universities. The contest searched for two categories of short computer awareness videos that addressed a broad range of security topics or focused on a single security issue. Submissions were developed by college students for college students. The winning videos are featured here and will be used in campus security awareness campaigns and efforts.

The contest included 62 video submissions from 17 universities. Winners were selected for creativity, content, and quality of information; overall effectiveness of delivery; and technical quality. Cash prizes were awarded to winners in each category. The two gold winners received $1,000, the two silver winners received $800, and the two bronze winners received $500 in cash prizes. For additional information, please see the press release.

See the winners here.

Cracking Windows Passwords with BackTrack and the Online Rainbow Tables at Plain-Text.info

Irongeek Video: Cracking Windows Passwords with BackTrack and the Online Rainbow Tables at Plain-Text.info
Title says it all...

Happy Friday

ABA Journal - Stolen Lives

An American Bar Association article about the current state of the law regarding identity theft, and what you can do about the companies leaking your information.

Wednesday, March 08, 2006

The Analog Hole

A nice essay on the human dimension of the problem of securing information.
I try to avert my eyes when the person sitting next to me on the plane opens a laptop and displays a confidential memo. It may have been transmitted over a secure link (though it probably wasn’t), and it may be encrypted on disk (though it probably isn’t), but there it is in plain view, pouring out of the analog hole.

Spyware List

Here's a list of over 270 more spyware removal tools to avoid.

SecurityForest.com

SecurityForest.com is a collaboratively edited Forest consisting of Trees which anyone can contribute to. SecurityForest's trees are specific security repositories that are categorized for practical reasons. The technologies currently in use in these repositories are based on Wiki (http://en.wikipedia.org/wiki/Wiki) technology and CVS (Concurrent Versioning System) (http://www.cvshome.org/) technology. Depending on the species of the tree - the suitable technology will be used. SecurityForest.com is a collection of repositories (trees) for the community - by the community. In other words - the updating, modifying and improving can be done by anyone in the community.

Sunday, March 05, 2006

Live Action Recreation of the intro to The Simpsons

Not security related, but this is cool... Watch the video here.

And while we are on a geek video kick, Google Video has some great stuff. You can find quite a range from "Fear of Girls" (True Love is but a +2 Broadsword away) to this ten minute video of Disneyland's Main Street USA, right after it opened in 1956.

Saturday, March 04, 2006

Online Amateurs Crack Nazi Codes

Three German ciphers unsolved since World War II are finally being cracked, helped by thousands of home computers. The codes resisted the best efforts of the celebrated Allied cryptographers based at Bletchley Park during the war. Now one has been solved by running code-breaking software on a "grid" of internet-linked home computers.

More info here.

Friday, March 03, 2006

Fun with Stored Value Cards

This site goes into detail about how the FedEx Kinko's ExpressPay stored value card can be hacked. ExpressPay is a system developed by EnTrac Technologies, of Toronto. The system uses smart cards from Infineon, but does not secure data on the cards...

Hydra - A very fast Network Logon Cracker

HYDRA from THC is a dictionary based password cracker that works on the services listed below.
Number one of the biggest security holes are passwords, as every password security study shows.

Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.

Currently this tool supports:
TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, LDAP2, Cisco AAA (incorporated in telnet module).

This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.

Friday Fun - Jon Stewart on Larry King

The only reason to watch the Oscars this Sunday will be Jon Stewart...

In case you missed Jon Stewart on Larry King the other night, Crooks & Liars has video and a partial transcript (but you really need to see or hear it, because a lot of the way Jon Stewart talks is lost in the literal written translation.) Larry King made several feeble attempts to create controversy, and Jon Stewart kicked him square in the nuts each time. Witness this exchange:

KING: You don't want Medicare to fail?

STEWART: Are you insane?

KING: No.

STEWART: You're literally asking me if I would prefer -- yes, Larry, what I'm saying to you as a comedian I want old people to suffer, old and poor people to suffer. That is -- that is -- what we want is -- what seems absurd to me is the length that Washington just seems out of touch with the desires of Americans to be spoken to as though they are adults.

Nice try, Larry; too bad Jon didn't go for it. Maybe you can team up with Nancy Grace for a two hour Aruba Special to get back on familiar, more comfortable ground.

That question was just one of several "gotcha" attempts which failed spectacularly when Jon refused to take the bait, and instead turned the ludicrous question back on Larry King, who of course had no response other than this painful frozen half-smile that was equal parts fear and loathing. When Larry King wasn't completely controlling the tone and content of the show, you could feel how uncomfortable he was. Jon Stewart was so funny, and so quick-witted, and so smart and so insightful, if Larry King wasn't trying so hard to create controversy where there was none, you'd almost feel bad that he wasn't able to keep up.

Thanks to WWdN

Wednesday, March 01, 2006

Security Awareness Tips from DHS/US-Cert

The U.S. Department of Homeland Security has a new set of posters with info on how to report a suspicious cyber incident and some security best practices tips. The posters are available for download and can be put on the wall in the old coffee room, or your cubicle...

Simpsons 'trump' First Amendment

This is from a BBC story... Nice to see how they see us across the pond...

Americans know more about The Simpsons TV show than the US Constitution's First Amendment, an opinion poll says.

Only one in four could name more than one of the five freedoms it upholds but more than half could name at least two members of the cartoon family.

About one in five thought the right to own a pet was one of the freedoms.
 