Thursday, August 31, 2006

Turning IE into a private Adult Content Browser

Privacy View Software, LLC, announces the release of Privacy View 2.10, a new version of the company’s privacy software for adults. Privacy View is part privacy software and part content management software aimed at people who surf for adult content. The new version of the software was released on August 31, 2006.

PI announces the 2006 Stupid Security Competition

Privacy International is calling for nominations to name and shame the worst offenders. The competition closes on October 31st 2006. The award categories are:

  • Most Egregiously Stupid Award
  • Most Inexplicably Stupid Award
  • Most Annoyingly Stupid Award
  • Most Flagrantly Intrusive Award
  • Most Stupidly Counter Productive Award

The competition will be judged by an international panel of well-known security experts, public policy specialists, privacy advocates and journalists.

The competition is open to anyone from any country. Nominations can be sent to stupidsecurity@privacy.org.

Details of previous award winners can be found below, or at http://www.privacyinternational.org/ssa2003winners.

WIFI Camera Prototype

Nice use for the cans from a favorite snack...

The WiFi Camera Obscura uses a directional WiFi antenna as an aperture for taking "pictures" of the radio energy from WiFi use in a room, and paints those pictures as a movie on a nearby wall. The pictures are lovely oil-slicks of revealed radiation.

Wednesday, August 23, 2006

Blackjacking - 0wning the Enterprise via the Blackberry

Presented at Defcon 14 - Las Vegas, NV 2006 by Jesse D'Aguanno

Abstract:

Research in Motion's Blackberry technology has quickly become the de facto standard for executives and technical personnel alike to maintain untethered remote access to critical data. Often regarded as inherently secure, most administrators deploy this solution without a full understanding of the technology or risks involved.

This presentation will demonstrate how an attacker could utilize many typical corporate Blackberry deployments to directly attack machines on the internal network—behind your perimeter defenses! The tools and source code presented will be available for attendees. Techniques for reducing the risks associated with this technology will also be presented.

Materials:

  • Presentation Slides: Download
  • Blackberry Attack Toolkit (Including BBProxy): Download

Tuesday, August 22, 2006

Privacy Debacle Hall of Fame

Wired News lists what it considers to be the 10 greatest privacy disasters:

10. ChoicePoint data spill
9. VA laptop theft
8. CardSystems hacked
7. Discovery of data on used hard drives for sale
6. Philip Agee's revenge
5. Amy Boyer's murder
4. Testing CAPPS II
3. COINTELPRO
2. AT&T lets the NSA listen to all phone calls
1. The creation of the Social Security Number

Friday, August 18, 2006

Blackhat 06 Presentations

Didn't make it to BlackHat in Las Vegas this year? Well, you can at least take a gander at the presentations online. They're available here as PDFs.

Cool speed test site

Speedtest.net is a general use broadband connection testing site with many geographically dispersed servers to test against. Plus it looks very cool...

Wireless networking source - .\\etrix Communication LLC

Interesting source for wireless networking software, parts, supplies and info.

Fridays are for fun! Secret Agent Earphones

Easy way to make FBI-esque earphones. This is very useful if you ever want to listen to music but also have one ear free (for instance, while biking in the city).

Sunday, August 06, 2006

Mystery hole opens in Cisco firewall

Some vendors like CheckPoint do one thing and do it extremely well... Others like Cisco do lots of things with mediocrity...

A security researcher has demonstrated how an unpatched vulnerability in Cisco's PIX firewall appliances could allow outside attackers to gain access to corporate networks. On the final slide of his presentation at the Black Hat show on VoIP security, Hendrik Scholz, a developer with Freenet Cityline, disclosed a technique for bypassing the firewalls, according to an audio recording of the talk obtained by IDG News. "You can open up whatever port you want... and access internal servers from the outside," he said. "It's really easy to do and we're talking to Cisco about how to get it fixed." By now Black Hat is old hat for Cisco. Last year conference organisers were sued by the networking giant and had to literally rip a presentation by researcher Michael Lynn out of last year's conference materials because it disclosed flaws in its IOS software.

Phone numbers stations mystery revealed at DEFCON

For three months, mysterious telephone numbers have been appearing on the Craigslist classified ad site which, when called, play recordings which sound much like shortwave numbers stations used by certain governments to communicate with intelligence agents in the field who are unreachable by other means. Now the secret behind these phone numbers stations has been revealed.

Read the whole story here.

Friday, July 28, 2006

Hak5

Hak.5 is a video podcast for the hacker, modder and do-it-yourselfer. Hosted by Darren Kitchen and Wess Tobler on the 5th of each month, the show is a hybrid of technology and geek humor.

TOOOL, The Open Organisation of Lockpickers

Weekend fun... Check the blackbag blog for info from Hope #6 and a look at the very nice Hope Number Six pickset...

Dilbert - funny in a scary way...

Tuesday's Dilbert (quoted below, copyright Scott Adams, Inc) is funny in a scary way...

Dilbert: Is it more important to follow our documented process or to meet the deadline? I only ask because our deadline is arbitrary and our documented process was pulled out of someone's lower torso.

PHB: Where's your artificial sense of urgency?

Dilbert: Teamwork killed it.

Cool and Illegal Wireless Hotspot Hacks

Nice article / tutorial by wireless guru Dan Hoffman of 'Live Hacking Video' fame. As he often does, here he takes you step-by-step through some sweet wireless hacks and then shows you how to protect yourself from them.

Wednesday, July 19, 2006

Shark Analyzer

At least now there shouldn't be an argument on how to pronounce the name...

The Ethereal network protocol analyzer has changed its name to Wireshark and ver. 0.99.2 has been released. Several security-related vulnerabilities have been fixed and several new features have been added.

For a complete list of changes, please refer to the 0.99.2 release notes. Official releases are available right now from the download page.

Tuesday, July 18, 2006

Phish Spoofs 2-Factor Authentication

The first ever case of using a man-in-the-middle attack against an online bank was reported by the Post's Brian Krebs on Tuesday.

The security industry has long predicted this type of man-in-the-middle attack; it was only a matter of time. The attack targeted Citibank's Citibusiness service and was designed to spoof the token key hardware device used by the bank's customers. The phishing site checked the logon credentials with the real site before rendering the results to the phishing victim. Enter an invalid password, and you got an invalid logon page. A man-in-the-middle attack checks everything done at the phishing site against the original, so everything should look and feel more genuine.

Exactly the same kind of attacks can be used to target other types of two-factor authentication, including one-time password sheets.

Saturday, July 15, 2006

Stevens' net neutrality expertise

Eighty-two-year-old Sen. Ted Stevens' complete inability to comprehend the internet would be kind of cute, were it not for the fact that the following soundbites were taken from his 11-minute speech regarding a bill that would have increased network neutrality mandates.

In that light, this quote is sort of terrifying: "The internet is not something that you just dump something on. It's not a big truck. It's, it's a series of tubes."

Friday, July 14, 2006

VulnerabilityAssessment.co.uk

An information portal for Vulnerability Analysts and Penetration Testers. The Penetration test Mindmap is a treat...

Friday Fun - Spy Gadgets

"This is a collection of "spy equipment" we have found for sale around the internet. Everything here is completely real, is sold at online stores, and almost any item listed here costs less than $500, and often times can be bought for less than $200."
 