Tuesday, May 31, 2005

WiFi Security That Really Works

A nice article that explains wireless security methods. Also has a good comparison of WPA and WPA2.

Monday, May 30, 2005

Time's Up, Einstein

His paper rocked the physics world -- and the space-time continuum. Not bad for a college dropout who critics say may not even exist. By Josh McHugh from Wired magazine. -Thought provoking, but a bit long, read for the physics kids...good for dummies too.

Sunday, May 29, 2005

U.S. military tries to solve identity theft with Boca-based cyber technology

The U.S. military is seeking the ultimate answer to identity theft and Internet hacking in a physics-based cyber security system secretly developed five years ago in a private Boca Raton laboratory, officials close to the partnership said this weekend. A team of top war games scientists from NSA, the U.S. Joint Forces Command's Joint Futures Laboratory (JFL) and a host of other military agencies reportedly spent more than a year attempting to hack 100 prototype units of the Location Specific Digital Fingerprint (LSDF) system invented in 2000 at the Boca-based Digital Authentication Technologies Inc. Their efforts to develop and test the ultimate anti-hacking device became public knowledge in a news release published last Monday on the military agency's Web site.

Saturday, May 28, 2005

Why it's smart to disobey officials in emergencies

Maybe PJ should rethink the DR plan. Wired has an article about why disobeying officials was a good idea for the folks in the World Trade Center on 9/11. Key quote: "[I]t turns out that one of the lessons is: Disobey authority. In a connected world, ordinary people often have access to better information than officials do."

Friday, May 27, 2005

Top-Heavy Tart Rips off More Than Her Shirt

A one-time porn queen, using brazen beauty and come-hither eyes, ripped off six New Jersey banks to the tune of $40,000 in an identity-theft scam by dolling herself up in a black pinstriped power suit and heels and posing as an actual bank customer, police said.

The jiggly sexpot, known to the adult world simply as Farrah, but to police as Joy Marquart, 30, was busted at a Washington Mutual branch in Emerson on Monday after a teller realized her driver's license was a fake, authorities said.

The bodacious blonde had successfully fooled tellers at other banks, in Emerson, Fair Lawn, Hackensack, Oradell, Ridgewood and Westwood in recent months, said Emerson Police Detective Sgt. George Buono. Each haul netted $6,000 to $7,500, he said.

But investigators believe the top-heavy tart was merely a gorgeous face fronting for a Big Apple-based identity-theft ring that recruited attractive, white, suburban-looking women to rip off bank accounts.

"She isn't the mastermind by any stretch of the imagination," Buono said.

Taking actual customers' names and account numbers, the thieves fashioned fake IDs with Marquart's mug on them, along with phony checks and debit cards, so that she could make withdrawals, Buono said.

Marquart was being held at the Bergen County Jail yesterday on theft charges in lieu of $105,000 bail.

Police are searching for Marquart's accomplices and were trying to figure out how they got hold of people's information.

DHS flunks test - CIA plays games

The U.S. Department of Homeland Security has failed to live up to its cybersecurity responsibilities and may be "unprepared" for emergencies, federal auditors said in a scathing report released Thursday 5/26.

The dismal grade for Homeland Security comes as the federal government is conducting a war game called "Silent Harbor" that's designed to model what might happen during an electronic attack on the United States. The exercise was being conducted in Charlottesville, Va., by members of the CIA's Information Operations Center, which evaluates foreign threats to U.S. computer systems, particularly those that support critical infrastructures. It was expected to conclude Thursday.

ZombieMeter keeps track of hacked PCs

Internet security company CipherTrust on Thursday breathed life into its ZombieMeter, a new system that tracks traffic from hacked, or zombie-PCs, around the world.

Thursday, May 26, 2005

Touch-Screen Voting

David Card and Enrico Moretti, both economists at UC Berkeley, have published an interesting analysis of electronic voting machines and the 2004 election: "Does Voting Technology Affect Election Outcomes? Touch-screen Voting and the 2004 Presidential Election."

Here's the abstract:

Supporters of touch-screen voting claim it is a highly reliable voting technology, while a growing number of critics argue that paperless electronic voting systems are vulnerable to fraud. In this paper we use county-level data on voting technologies in the 2000 and 2004 presidential elections to test whether voting technology affects electoral outcomes. We first show that there is a positive correlation between use of touch-screen voting and the level of electoral support for George Bush. This is true in models that compare the 2000-2004 changes in vote shares between adopting and non-adopting counties within a state, after controlling for income, demographic composition, and other factors. Although small, the effect could have been large enough to influence the final results in some closely contested states. While on the surface this pattern would appear to be consistent with allegations of voting irregularities, a closer examination suggests this interpretation is incorrect. If irregularities did take place, they would be most likely in counties that could potentially affect statewide election totals, or in counties where election officials had incentives to affect the results. Contrary to this prediction, we find no evidence that touch-screen voting had a larger effect in swing states, or in states with a Republican Secretary of State. Touch-screen voting could also indirectly affect vote shares by influencing the relative turnout of different groups. We find that the adoption of touch-screen voting has a negative effect on estimated turnout rates, controlling for state effects and a variety of county-level controls. This effect is larger in counties with a higher fraction of Hispanic residents (who tend to favor Democrats) but not in counties with more African Americans (who are overwhelmingly Democrat voters). 
Models for the adoption of touch-screen voting suggest it was more likely to be used in counties with a higher fraction of Hispanic and Black residents, especially in swing states. Nevertheless, the impact of non-random adoption patterns on vote shares is small.

Intel Releases Pentium 4 with Dedicated Virus Coprocessor

Intel today announced they would begin shipments of the new Pentium 4 Virus Edition processor, the Pentium 4VE. Intel claims that this processor provides the most effective tool for combating the Windows virus threat so far. The Pentium 4VE processor provides hardware acceleration through a coprocessor dedicated to running viruses, thus relieving the CPU of this burdensome task. Intel Corporation CEO Craig Barrett today described how Intel is solving the biggest problem in IT today. "We are taking an innovative approach that can simply not be done with software alone," he said. "It's clear that you cannot get rid of viruses and spyware so we suggest you just run them in hardware and get the rest of your CPU back." The new processor features a 4 GHz virus coprocessor that will provide a staggering performance of 25 Million BIPS (Bots Infected Per Second). "This is industry-leading virus performance," said Barrett.

Wednesday, May 25, 2005

Default Password List

An exhaustive list of default passwords for wireless access points etc.

Russian Business will Pay to Spread Spyware

An online business based in Russia will pay websites 6 US cents for each machine they infect with adware and spyware, security researchers said this week, calling the practice "awful". iframeDOLLARS.biz, which according to a WHOIS lookup is registered to a Nick Fedorov in Nizhny Novgorod, a Russian city on the Volga about 240 miles east of Moscow, will pay Webmasters to place a one-line exploit on their sites. The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven't been updated, however, would still be vulnerable to the exploit. According to analysis done by the SANS Institute's Internet Storm Center, the exploit drops at least nine pieces of malicious code, including backdoors, other Trojans, spyware, and adware, on any PC whose user surfs to a site hosting the exploit code. iframeDOLLARS says it pays US$61 per thousand unique installs, or 6.1 US cents per compromised machine, to any site that signs up as an affiliate.

Tuesday, May 24, 2005

Whoppix 2.7 Final (may18-0340.iso)

Whoppix is a standalone penetration testing live CD based on Knoppix 3.8.2. Whoppix includes several exploit archives, such as Securityfocus, Packetstorm, SecurityForest and Milw0rm, as well as a wide variety of updated security tools. The new custom kernel also allows for better WiFi support, for tools such as Aireplay.

George, you might enjoy this - Metasploit Meterpreter Demo

OK, Dan, you can watch also...

Monday, May 23, 2005

Systm episode #1

Systm episode #1 will be released on Monday May 23rd at 11:00 PM EST! To kick off this new series they are throwing a house party. While they don't have enough room for everyone, they would love to have you take part! Starting at 9:00 PM they will fire up a live webcam of the festivities along with an IRC chat room. Chat with Kevin, Dan, Keith and Ron (Systm crew) along with other ex-TechTV staffers (Leo, Pat, Yoshi, Alex, and others have all been invited).

Sunday, May 22, 2005

Hacker Hunters - An elite force takes on the dark side of computing

You hear about FBI, Secret Service or other law enforcement authorities involved in pursuing international cybercrime gangs, but who are those people and how does the cyberlaw enforcement work? Business Week talks about hacker hunters and people they're after.

A large portion of the article is dedicated to describing the global scope of such activities, with Russia, Eastern Europe and China leading the ranks for criminal hideouts.

Saturday, May 21, 2005

Google Tools for Automated Hacking Tests

There are a variety of tools available to automate and enhance your Google hacking tests. One of my favorites is Johnny Long's Google Hacking Database (GHDB); it provides tons of query samples that you can tweak and use on your own sites and domains.

Friday, May 20, 2005

Phishers Turn DNS Servers Against Authorities

Phishing scammers are cleverly abusing automated "bots" by targeting DNS servers, security experts have warned. The new technique makes it significantly harder to shut down phishing sites.

Thursday, May 19, 2005

How To Crack WEP - Part 2: Performing the Crack

Part 2 describes how to use additional tools found on the Auditor CD to capture traffic and use it to crack a WEP key. Also described is how to use deauthentication and packet replay attacks to stimulate the generation of wireless traffic that is a key element of reducing the time it takes to perform a WEP key crack.

BSA: One Third of All Software Pirated

A new study from the BSA (Business Software Alliance) paints a troubling picture for the software industry. Although the global rate of piracy decreased by an entire percent from 2003 to 2004, the total financial losses increased by $4 billion. In total, nearly one third of all software currently used around the globe is pirated.

Wednesday, May 18, 2005

Honeynet KYE: Phishing paper Published

The Honeynet Project published a "Know Your Enemy: Phishing" paper today. The paper focuses on observed examples and goes in-depth to analyze the intent and method of phishers in getting information.

The paper is available here:

Armadillo Crashes MoD Network

Well, it wasn't a real Armadillo, only a video.

A popular video spoof caused Ministry of Defense computers to crash, including those at Britain's secret strike command headquarters in Buckinghamshire.

Computer screens controlling British air defenses and warplanes around the world are reported to have gone blank for five hours.

"We couldn't believe it when the screens went blank," said one RAF officer at the MoD in Whitehall. "After several hours of staring at nothing we went to the pub and then went home early. But it would have been extremely serious if some big operation had been on the go."
 