Tuesday, October 16, 2007
10 reasons websites get hacked
List of top 10 web vulnerabilities classified by OWASP, here with a description of the problem and some examples.
Wait there is more! NSA is on your computer!
NSA LIKELY READING WINDOWS SOFTWARE IN YOUR COMPUTER
Sooner or later, a country that spies on its neighbors will turn on its own people, violating their privacy, stealing their liberties.
President Bush’s grab for unchecked eavesdropping powers is the culmination of what the National Security Agency(NSA) has spent forty years doing unto others.
And if you’re upset by the idea of NSA tapping your phone, be advised NSA likely can also read your Windows software to access your computer.
European investigative reporter Duncan Campbell claimed NSA had arranged with Microsoft to insert special “keys” in Windows software starting with versions from 95-OSR2 onwards.
And the intelligence arm of the French Defense Ministry also asserted NSA helped to install secret programs in Microsoft software. According to France's Strategic Affairs Delegation report, “it would seem that the creation of Microsoft was largely supported, not least financially, by NSA, and that IBM was made to accept the (Microsoft) MS-DOS operating system by the same administration.” That report was published in 1999.
The French reported a “strong suspicion of a lack of security fed by insistent rumours about the existence of spy programmes on Microsoft, and by the presence of NSA personnel in Bill Gates’ development teams.” It noted the Pentagon was Microsoft’s biggest global client.
And heck, who wouldn't belive the French?
More here.
Sooner or later, a country that spies on its neighbors will turn on its own people, violating their privacy, stealing their liberties.
President Bush’s grab for unchecked eavesdropping powers is the culmination of what the National Security Agency(NSA) has spent forty years doing unto others.
And if you’re upset by the idea of NSA tapping your phone, be advised NSA likely can also read your Windows software to access your computer.
European investigative reporter Duncan Campbell claimed NSA had arranged with Microsoft to insert special “keys” in Windows software starting with versions from 95-OSR2 onwards.
And the intelligence arm of the French Defense Ministry also asserted NSA helped to install secret programs in Microsoft software. According to France's Strategic Affairs Delegation report, “it would seem that the creation of Microsoft was largely supported, not least financially, by NSA, and that IBM was made to accept the (Microsoft) MS-DOS operating system by the same administration.” That report was published in 1999.
The French reported a “strong suspicion of a lack of security fed by insistent rumours about the existence of spy programmes on Microsoft, and by the presence of NSA personnel in Bill Gates’ development teams.” It noted the Pentagon was Microsoft’s biggest global client.
And heck, who wouldn't belive the French?
More here.
Because George said NO!
More on GW's spying program -According to documents released by lawmakers on Monday, major U.S. telephone carriers refused to answer questions from the Democratic-led Congress about their possible participation in President George W. Bush's warrantless domestic spying program...
More...
Saturday, October 13, 2007
Pre-9/11 wiretap bid is alleged
Why is this a surprise to anyone?
A former Qwest Communications International executive, appealing a conviction for insider trading, has alleged that the government withdrew a $200-million contract after Qwest refused to participate in an unidentified National Security Agency program that the company's top lawyer said was illegal.
Nacchio's account, which places the NSA proposal at a meeting on Feb. 27, 2001, suggests that the Bush administration was seeking to enlist telecommunications firms in programs without court oversight before the terrorist attacks. The Sept. 11 attacks have been cited by the government as the main impetus for its warrantless surveillance efforts.
More here.
Same church different pew...
http://www.wired.com/science/discoveries/news/2006/04/70619
A former Qwest Communications International executive, appealing a conviction for insider trading, has alleged that the government withdrew a $200-million contract after Qwest refused to participate in an unidentified National Security Agency program that the company's top lawyer said was illegal.
Nacchio's account, which places the NSA proposal at a meeting on Feb. 27, 2001, suggests that the Bush administration was seeking to enlist telecommunications firms in programs without court oversight before the terrorist attacks. The Sept. 11 attacks have been cited by the government as the main impetus for its warrantless surveillance efforts.
More here.
Same church different pew...
http://www.wired.com/science/discoveries/news/2006/04/70619
Monday, October 01, 2007
Thursday, September 27, 2007
18th episode of The Silver Bullet Security Podcast
Gary talks with Dr. Eugene Spafford, better known as “Spaf.” Spaf is a professor of computer science and Electrical and Computer Engineering at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS). On this episode, Gary and Spaf discuss the role of software testing in computer security, commercial certifications and whether they obviate the need for academic training, how Spaf feels about so-called “ethical hacking,” and why auditing and compliance is an area of emerging specialization.
Sunday, September 23, 2007
Saturday, September 22, 2007
Wednesday, September 19, 2007
Today (9/19) is International Talk Like A Pirate Day
Put a parrot on your shoulder, strap on a peg leg, hit the rum and start bellowing "Shiver me Timbers" -- Wednesday is International Talk Like A Pirate Day.
"Pirates of the Caribbean" star Johnny Depp is not the only over-the-top buccaneer allowed to have fun.
September 19 is your once-a-year chance to don an eye patch, sport a ridiculously large hat and keep on saying "Arrrrr.
It all started back in the 1990s as a cult joke between two American friends -- John "Ol Chumbucket" Baur and Mark "Capn Slappy" Summers -- but really took off when syndicated columnist Dave Barry got to hear about their surreal festival.
Monday, September 17, 2007
Crime does pay!
Internet crime has become a major commercial activity, reveals a report by computer security company Symantec.
The report said cyber crime had become increasingly professional and was now a multi-billion dollar industry.
The underground economy has its own auction sites and marketplaces that sell valuable data such as credit card numbers and bank accounts.
They also sell toolkits for novice cyber criminals who lack technical know-how to craft their own attacks.
BBC story.
The report said cyber crime had become increasingly professional and was now a multi-billion dollar industry.
The underground economy has its own auction sites and marketplaces that sell valuable data such as credit card numbers and bank accounts.
They also sell toolkits for novice cyber criminals who lack technical know-how to craft their own attacks.
BBC story.
Hackers hit US stockbroker TD Ameritrade
Only email addresses? Yea right...
Stock broking firm TD Ameritrade has revealed a breach to one of its databases resulting in the theft of user data.
The company confirmed that, while online account numbers and passwords were not compromised, customer names, email addresses and phone numbers had all been stolen.
The database also contains Social Security numbers, although TD Ameritrade claimed that there is no evidence to suggest that the numbers were among the stolen data.
A spokesperson for the company told vnunet.com that the compromised database stored information on all of the company's 6.3 million customer accounts. It is not yet known how many customers were directly affected.
Story here.
Stock broking firm TD Ameritrade has revealed a breach to one of its databases resulting in the theft of user data.
The company confirmed that, while online account numbers and passwords were not compromised, customer names, email addresses and phone numbers had all been stolen.
The database also contains Social Security numbers, although TD Ameritrade claimed that there is no evidence to suggest that the numbers were among the stolen data.
A spokesperson for the company told vnunet.com that the compromised database stored information on all of the company's 6.3 million customer accounts. It is not yet known how many customers were directly affected.
Story here.
Thursday, September 06, 2007
Osama bin Laden, drove a Canadian-flagged motorcade through two security checkpoints in Sydney
Members of an Australian comedy TV show, one dressed as Osama bin Laden, drove a Canadian-flagged motorcade through two security checkpoints in Sydney Thursday before being stopped near a hotel where U.S. President George W. Bush is staying.
The stunt-embarrassed Sydney police had imposed the tightest security measures in the city's history. The Australian city is hosting a summit of leaders from Pacific Rim countries, including Bush and Canadian Prime Minister Stephen Harper, who arrived Thursday.
Police arrested 11 cast and crew from the TV program, The Chaser's War on Everything, and impounded three vehicles, the Australian Broadcasting Corp., which airs the show, said on its website.
Full story here.Monday, September 03, 2007
The First Amendment, Satellite Imagery and National Security
So what should MS of done?Recently a photograph appeared on the Internet of the propeller on an Ohio-class ballistic missile submarine at Trident Submarine Base in Bangor. A key to the submarine's ability to deploy and remain undetected, propeller designs have been kept under wraps for years, literally. When out of the water, the propellers typically are draped with tarps.
The propeller image appeared on Microsoft's mapping tool, Virtual Earth. It was discovered accidentally by Dan Twohig, a deck officer with the Washington state ferry service who was using the program to examine real estate on the west side of Puget Sound.
More here.
ShmooCon '08
Start planning now... TSG is happy to announce that ShmooCon '08 will take place at the Wardman Park Marriott in Washington DC, February 15-17.
17th episode of The Silver Bullet Security Podcast
Gary talks with Eric Cole, CEO of Secure Anchor. Eric has written seven books on computer security, including books on steganography and network security. Gary and Eric discuss how to demostrate security ROI in different types of organizations (ranging from government to corporate), the academic approach to security versus practitioner certification models, and what kinds of training makes for good network security practitioners. They also discuss the difficulty of certifying software developers.
Thursday, August 30, 2007
How the FBI Wiretap Net Operates
The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.
The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected.
Wired story here.
EFF has the document here.
The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected.
Wired story here.
EFF has the document here.
The Burning Man Project 07
Oh my... Premature burning...
(Black Rock City - August 28, 2007) The Man at the center of Black Rock City will be rebuilt after an overnight fire which damaged the effigy at the center of the Burning Man event. Rebuilding is expected to take about two days.
Black Rock City officials say there was structural damage to the figure of the Man, but relatively little damage to the art and exhibits at the base of the Man. No injuries were reported.
An arson investigation is underway, and one arrest was made shortly after the fire was set. No charges have been announced, and the name of the suspect is being withheld. There has been no discussion of motive in the episode.
Burning Man
(Black Rock City - August 28, 2007) The Man at the center of Black Rock City will be rebuilt after an overnight fire which damaged the effigy at the center of the Burning Man event. Rebuilding is expected to take about two days.
Black Rock City officials say there was structural damage to the figure of the Man, but relatively little damage to the art and exhibits at the base of the Man. No injuries were reported.
An arson investigation is underway, and one arrest was made shortly after the fire was set. No charges have been announced, and the name of the suspect is being withheld. There has been no discussion of motive in the episode.
Burning Man
Tuesday, August 28, 2007
Monday, August 20, 2007
Take the back roads when taking the back road...
Adulterers, beware: Your cheatin' heart might be exposed by E-ZPass. E-ZPass and other electronic toll collection systems are emerging as a powerful means of proving infidelity. That's because when your spouse doesn't know where you've been, E-ZPass does.
"E-ZPass is an E-ZPass to go directly to divorce court, because it's an easy way to show you took the off-ramp to adultery," said Jacalyn Barnett, a New York divorce lawyer who has used E-ZPass records a few times.
More here.
"E-ZPass is an E-ZPass to go directly to divorce court, because it's an easy way to show you took the off-ramp to adultery," said Jacalyn Barnett, a New York divorce lawyer who has used E-ZPass records a few times.
More here.
Friday, August 17, 2007
Friday Fun - The Vomit-Inducing Flashlight
Picking your favorite non-lethal weapon can be tough. I'm partial to the microwave-based Active Denial System that former PopSci editor Eric Adams had the, er, courage to stand in front of a few years ago. (An experience described in detail here.) Or I might give a nod to the paralyzing, hardening foam that momentarily holds down The Hulk in the 2003 movie, and has been used by the U.S. military with mixed results.But a California company may be developing the real winner, an LED-based flashlight that shoots out incredibly bright pulses of light, and can potentially induce vomiting. The Department of Homeland Security is funding the study, and Penn State will begin testing it this fall at the Institute of Nonlethal Defense Technology.
Story from Popular Science Blog.
