Monday, January 29, 2007

Securing a 'Buzz' - Just what the Doctor Ordered...

'Buzz Donut' offers sweet caffeine fix

Dr. Robert Bohannon wants you in his world. It's fast, upbeat, jovial and driven by caffeine -- lots of it.

But four to six cups of coffee a day aren't enough for Bohannon. And he believes others share his need for more options when it comes time to pursue that caffeine buzz.

So the molecular scientist who moonlights as a café owner developed a way to add caffeine to baked goods, one that eliminates the natural, bitter taste of caffeine.

"This gives people the opportunity if they want to have a glass of milk and want to have caffeine. It will get them going," Bohannon said.

The amount of caffeine in his creations can vary, but Bohannon can easily put 100 milligrams of caffeine -- the equivalent of a 5-ounce cup of drip-brewed coffee -- into the treats he plans to market under the "Buzz Donuts" and "Buzzed Bagels" names.

Full story here.

X-ray cameras 'see through clothes'

From across the pond...

The Government is considering installing X-ray cameras on lampposts to spot armed terrorists and other criminals.

According to a leaked memo seen by The Sun, "detection of weapons and explosives will become easier" if the scheme drawn up by Home Office officials is adopted.

However, officials acknowledged that it would be highly controversial as the cameras can "see" through clothing.

"The social acceptability of routine intrusive detection measures and the operational response required in the event of an alarm are likely to be limiting factors," the memo warned.

"Privacy is an issue because the machines see through clothing."

Full story here.

Sunday, January 28, 2007

Kaspersky Lab releases an article about Vista and security

The Kaspersky Lab folks have released a new article entitled Vista vs. Viruses, in which Alisa Shevchenko, a Kaspersky Lab antivirus expert, analyzes various aspects of IT security with specific reference to Windows Vista.

You can read the full version of the article, Vista vs. Viruses, on Viruslist.com.

Vista Version - What would you pick?

Saturday, January 27, 2007

National Security

What do you think... good thing or bad thing?

While you were sleeping (Bush took over the Government)

United States President stealthily took over the Federal Government last week through a new executive order last week that takes away all autonomy from Agencies, according to public interest organizations.

The order amends a series of previous executive orders that culminated in Executive Order No. 12,866, which the White House has used to give itself the power to review regulations before they can be officially published in the Federal Register.

Full story here:

Friday, January 26, 2007

Some "Brief" Friday Fun

From the website:

The "Brief Safe" is an innovative diversion safe that can secure your cash, documents, and other small valuables from inquisitive eyes and thieving hands, both at home and when you're traveling. Items can be hidden right under their noses with these specially-designed briefs which contain a fly-accessed 4" x 10" secret compartment with Velcro closure and "special markings" on the lower rear portion. Leave the "Brief Safe" in plain view in your laundry basket or washing machine at home, or in your suitcase in a hotel room - even the most hardened burglar or most curious snoop will "skid" to a screeching halt as soon as they see them. (Wouldn't you?) Made in USA. One size. Color: white (and brown).

To add realistic smell, check out "Doo Drops".

Thursday, January 25, 2007

One Hacker Kit Accounts For 71% Of Dec Attacks

Tagged with the moniker "Q406 Roll-up," the attack kit was behind 70.9% of last month's attacks, reported Atlanta, Ga.-based Exploit Prevention Labs. Up to a dozen different exploits make up the kit, which includes several exploits derived from the proof-of-concept code that researcher HD Moore published in July 2006 during his "Month of Browser Bugs" project.

Exploit Prevention Labs launched a line of exploit detection tools -- LinkScanner Lite and LinkScanner Pro -- in November. The former is free, while the latter is priced at $19.99 for a one-year subscription.

More info here:

Tuesday, January 23, 2007

Low Tech Fix for High Tech Problem

Handheld Paper Shredder

The Shredder Hand is the most convenient and compact way to get rid of those expired coupons, unwanted papers and old, confidential paper documents. At first glance it's just a pair of scissors, but with further exploration you will see that you can shred documents, or just parts of documents, without any electric or battery-operated power. Being the cheapest shredding option around it is amazing to think that it also has a long life and is small enough to be transported easily from the home to the office or classroom.

Monday, January 22, 2007

The Silver Bullet Security Podcast

The tenth episode of The Silver Bullet Security Podcast features a panel discussion with the Fortify Software Technical Advisory Board, several of whom have been featured on previous episodes. The group discusses what commercial software tools can learn from academic research, the state of software security in China, real world lessons learned while using static analysis tools, and software security pedagogy.

Sunday, January 21, 2007

Aircrack-ng 0.7 is Released

aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, thus making the attack much faster compared to other WEP cracking tools. In fact aircrack is a set of tools for auditing wireless networks.

Aircrack-ng is the next generation of aircrack with lots of new features (planned and wanted).

Saturday, January 20, 2007

Risky Business - Greynets

We know very well that many security breaches occur due to simple human error. While most people know by now not to write down passwords and/or leave their laptops unprotected, they may not know about a relatively new threat: greynets.

A new FaceTime study reports -

2007's Biggest Risk: Employees Undermining Corporate Security

The danger of this new breed of malware is compounded by the increasingly risky behavior of today's employees, who frequently introduce consumer greynet applications onto the corporate network – most often without the sanction of their IT department. The user is squarely at the cornerstone of enterprise security concerns, according to FaceTime's Second Annual Greynets Survey (October, 2006). The survey revealed that:

  • Four in ten end users (39%) believe they should be allowed to "install the applications they need on their work computers," independent of IT oversight or policy.
  • Fifty-three percent of end users report they "tend to disregard" company policies that govern greynet usage, specifically IM and peer-to-peer file sharing.
  • Eight in ten IT managers are at locations that have experienced greynet-related attacks within the last six months.
  • The number of greynet applications installed on a typical enterprise network has increased dramatically; work locations where eight or more greynet applications are in use have doubled, growing from 20 percent of all locations in 2005 to 41 percent in 2006.
  • Sixty percent of managers report that within the past six months, security attacks have been more likely to have invisible effects (like keyloggers) rather than outcomes apparent to the end user, such as a hijacked browser, making compromised PCs more difficult to detect.

Friday, January 19, 2007

Swedish bank hit by 'biggest ever' online heist

Two take-aways from this story...

One - this wasn't an online bank heist, this was just a plain old dumb user heist.

Nordea spokesman for Sweden, Boo Ehlin, said that most of the home users affected had not been running antivirus applications on their computers.

Ehlin blamed successful social engineering for the heist, rather than any deficiencies in Nordea's security procedures.

"It is more of an information, rather than a security problem," said Ehlin. "Codes are a very important thing. Our customers have been cheated into giving out the keys to our security, which they gave in good faith."

Two - why should the bank be responsible for this? If I break into your house and steal your checkbook and/or a credit card, is the bank responsible? How is this different?

The bank has borne the brunt of the attacks and has refunded all the affected customers.

Thursday, January 18, 2007

RF Jammer

Ninja Strike Force member Lady Ada has posted a design for a self-tuning, microprocessor controlled, wide band RF jammer.

This website details the design and construction of Wave Bubble: a self-tuning, wide-bandwidth portable RF jammer. The device is lightweight and small for easy camouflaging: it is the size of a pack of cigarettes.

Lost HOPE?

2600 Magazine's hacker conference Hackers On Planet Earth (HOPE) has been held at the Hotel Pennsylvania since 1994...

HOTEL PENN THREATENED WITH DEMOLITION - HOPE CONFERENCES IN JEOPARDY
We received this disturbing news earlier in the month. Apparently the realty company that owns the Hotel Pennsylvania, site of our HOPE conferences, wants to tear down the historic hotel and replace it with a huge financial tower. Such a move could spell the end of HOPE.

The Hotel Pennsylvania was built in 1919 and has a very rich history. It has been home to many a "big band" concert in its early years and was the inspiration for the famous Glenn Miller song "PEnnsylvania 6-5000," a phone number that still rings at the Hotel Pennsylvania switchboard. The building itself, as any HOPE attendee knows, is filled with hidden corridors, rooms, and even floors. Being right across the street from Penn Station (New York's main train station), it's extremely easy to get to for those coming to New York for the first time. And because it's not an overly expensive place to stay, it's proven very popular for travelers from all over the world.

We've hosted five HOPE conferences at the Hotel Pennsylvania since 1994 and the next one is set for 2008. In preparation for this, and to discuss the fate of the hotel among other things, we are today launching a web-based forum for all things HOPE-related. You can reach this brand new forum at talk.hope.net.

Wednesday, January 17, 2007

Secure Relationship?

1 in 8 men would dump their girlfriend for an iPod

Yes, this is a fairly silly survey conducted on behalf of a company that wants you to use it to buy more gadgets. But still, the fact that one in eight men would apparently consider swapping their partner for the latest iPod, widescreen TV, home cinema system or fridge freezer is pretty shocking.
Full story here.

Tuesday, January 16, 2007

Verisign's ongoing Quarterly Vulnerability Challenge

Computer security firm Verisign (iDefense) is offering some hefty bounties on vulnerabilities reported in Microsoft's Windows Vista operating system and IE7 web browser. It's a part of Verisign's ongoing Quarterly Vulnerability Challenge, where hackers of the world are invited to exploit various categories of software for fun and profit...

Vulnerability Challenge Ground Rules:
  • The vulnerability must be remotely exploitable and must allow arbitrary code execution in a default installation of one of the technologies listed above
  • The vulnerability must exist in the latest version of the affected technology with all available patches/upgrades applied
  • 'RC' (Release candidate), 'Beta', 'Technology Preview' and similar versions of the listed technologies are not included in this challenge
  • The vulnerability must be original and not previously disclosed either publicly or to the vendor by another party
  • The vulnerability cannot be caused by or require any additional third party software installed on the target system
  • The vulnerability must not require additional social engineering beyond browsing a malicious site

Sunday, January 14, 2007

Security Now 74: Peter Gutmann On Vista Content Protection

Steve Gibson's Security Now podcast just aired a very good interview with Peter Gutmann, the security researcher who wrote "A Cost Analysis of Windows Vista Content Protection".

Saturday, January 13, 2007

Personal Security - Dirty Hospitals

Two million patients are infected in hospitals each year and 90,000 of those Americans die.

Of every 20 people who go into a U.S. hospital, one of them picks up something extra: an infection. It's a lousy card to draw. Infection stalls recovery, sometimes requiring weeks of intravenous antibiotics or a grueling round of surgeries to remove infected tissue. And for 90,000 Americans a year, the infections are a death sentence.

Full story here.

Friday, January 12, 2007

WTF or TGIF... It's Friday - Teacher found guilty of exposing kids to smut

State Prosecutor David Smith said he wondered why Julie Amero didn't just pull the plug on her classroom computer.

The six-person jury Friday may have been wondering the same thing when they convicted Amero, 40, of Windham of four counts of risk of injury to a minor, or impairing the morals of a child. It took them less than two hours to decide the verdict. She faces a sentence of up to 40 years in prison.

Full story here.

Those poor kids! I imagine they will be scarred for life and their morals impaired forever...

Thursday, January 11, 2007

Secure World? Not

George W. Bush told Americans he would send over 20,000 more U.S. troops to halt Iraq's collapse into civil war.
The surge in troops will do nothing to change the underlying dynamics that continue to drive the violence in Iraq: deep-seated religious, ethnic, and tribal divisions and hatreds; and a high and rising level of antipathy among Iraqis across the sectarian divide towards the continuing occupation of their country by Western armies...
 