Sunday, September 16, 2007

California Selling Social Security Numbers

Local Lawmaker Wants To Stop The State's Four-Year-Long Practice. Today, a Sacramento lawmaker showed how you could go to the Secretary of State's web page where, until today, the state was selling your personal information for only $6 -- the cost of lunch.

read more | digg story

fwknop-1.0 released: strongly authenticate to your closed Linux Firewall

Single Packet Authorization (SPA) is basically port knocking on steroids, and fwknop is the best supported and feature-rich implementation available today. I never worry about zero-day vulnerabilities in my SSH daemon while I'm running fwknop. This is the production-ready release of fwknop; use fwknop with iptables in a default-drop stance.

Pirate Party Launches High-Capacity Darknet

The Swedish Pirate Party has launched a commercial, high-capacity darknet, on an unprecedented scale and bandwidth. This service lets anybody send and receive files anonymously without being tracked or traced, and can pump data well over 10 megabits per second.

MSN launches Dutch Digg clone, but forgets spam prevention

Spamming your way to the msn.nl frontpage was never so easy...

Default Password List

Updated today :) Enjoy

Spaf Writes More On Passwords And Myth

Eugene Spafford has written more about passwords to some of the comments made in response to his recent post about passwords.

Take the Zone Alarm Pepsi Challenge!

Interesting comparison of what 10 regular home PC users think when presented with the new Zone Alarm warning message in relation to blocking 180 Solutions software, as opposed to the old one. 180 might've been better off leaving well alone...

Free, Anonymous OpenID for You

OpenID is getting popular day by day and generating a lot of discussion with varied responses. I thought it would be a good idea to have a password-less/anonymous OpenID that one can use. It is ready for you to use. No signup required. Just use http://www.jkg.in/openid/anything as your OpenID.

How the myspace SWF hack worked

As the title says, this is how the myspace SWF hack/hijack worked. There's no ads, and this isn't a blog - just a page I quickly made explaining what I found about the hack; also note that I didn't create the hack. I just found it interesting :) This is hosted on a random free host, which may die at any point - offers of hosting are welcome!

GoDaddy trashes Seclists.org

"I'm in the market for a new registrar. One who doesn't immediately bend over for any large corporation who asks." So says Seclists.org owner Fyodor, aka Gordon Lyon, speaking of GoDaddy.

2007: The year of the 9,999 vulnerabilities?

A look at the National Vulnerability Database statistics will reveal that the number of vulnerabilities found yearly has greatly increased since 2003. An average increase of 48% since 2002 indicates that breaking 10,000 vulnerabilities in 2007 is a real possibility, and may be problematic for some vulnerability tracking systems.

Zango Myspace partner still pushing their videos in Myspace

A few weeks ago, Zango Adware was being pushed via Myspace - after an outcry, the vids were pulled and you'd assume the affiliate's account was cancelled. However, not only is the guy pushing Zango Adware from a new website, he is still installing from the old site too - the page is just not linked to. Something stinks here? Yep.

Zyprexa Memos Leaked using Tor

The internal Eli Lilly memos have been leaked to the internet using Tor. The anonymous post also launched a distributed netroots campaign organized around the 'zyprexakills' tag.

Reporting Vulnerabilities is for the Brave

The risks associated with reporting vulnerabilities are discussed in this recent CERIAS weblogs post. In the end, the author decides that the risks are too great, and decides that in the future, he will stay safe by staying quiet. Was this the right decision, or is reporting an issue regardless of the risks a moral necessity?

Interesting thing you can find with Google code search

Google launched a new code search feature today. People are already starting to use it to find username/passwords and other secure information.

HD DVD Encryption Hacked!

It looks like someone finally did it! "BackupHDDVD is a tool to decrypt an AACS protected movie that you own, so you can play it back later using an HDDVD player software."

Eon8 - a Summary

Nice rundown of what Eon8 was all about, some of the after-effects and (of course) screenshots of the (sadly inevitable) hack attempts on the site.

Hardening OpenSSH with Single Packet Authorization

SSH is a critical service for encrypted connectivity, but even OpenSSH occasionally has security vulnerabilities. It is risky to allow arbitrary IP addresses to connect to your SSH daemon, but if I'm on travel how can I still gain access if all connections are silently dropped by my firewall? Single Packet Authorization (SPA) provides an answer.

Now my mom can surf the web again

A new company siteadvisor.com has a new approach to preventing spam and spy-ware. They support Firefox and IE and are also making their database available under the Creative Commons license.

How I Hacked Your LinkSys Router Which You Probably Bought at Best Buy

In a world where we all shop at the same stores and buy the same wireless equipment it is very easy to unintentionally hijack someone’s wireless connection. Here's how this guy did it - by accident....

How to mathematically crack a Masterlock combination pad-lock

This guy shows you how you can break the combination of any Masterlock pad-lock. He uses math to bring down the possible number of combinations from 64,000 to 100.

How to: Set Up an Offshore Banking Account

Do you want to impress women by shredding a bank statement? For some guys an offshore bank account may sound like something out of a James Bond film or maybe a clever way for an arms dealer to conduct business, but for the most part, banking offshore is about saving on tax dollars.

Whitedust.net Announces The First Annual Black And White Ball

Whitedust.net, the leading online source of unbiased and uncut security information, today announced the first annual Black & White Ball. Presented in a unique two-track format, The Ball will run for 4 days: the first two bringing the latest in hacker techniques and attacks, the last two presenting the cutting edge of security defence mechanisms.

The first "hacker world war"...

An interesting summary of the first "Hacker world war" which took place in 2001. It appears Ebaum vs ytmnd.com was *not* the first online cyber-jihad, as we can see. Links to a lot of archived defacements and some good background info, too.

How to generate a wallet-sized paper backup of important phone numbers

Reliance on cellphones means we rarely remember the numbers we dial frequently. Here's a trick for creating a wallet-sized paper hard-copy of your important numbers so you still have the important ones when your phone is inaccessible.

Phishers Defeat 2-Factor Authentication

Phishers have now started phishing for the two-factor token ID from victims. The most interesting part is that these tokens only give you one minute to log in to the bank until that key will expire. The phishers employ a man-in-the-middle attack against the victim and Citibank to log in via php and conduct money transfers immediately when

Spyware Warriors in the Digital Underground (Podcast)

FTA: "Wayne Porter and Chris Boyd (aka PaperGhost) get paid to spend their days infiltrating rings of real life cyber criminals, all the while risking they'll get caught by the thieves themselves. How must it feel to gather evidence on such bottom-feeders and then turn it over to States' Attorney General's offices and/or Federal Authorities?"

Instant Messaging E-Commerce Exploits

A Botnet's been found that installs remote admin tools on an infected PC, then attempts to run a file that queries e-commerce databases and steals personal info like credit card details. They're also using commercially available apps to do a lot of this stuff. From the article: "Comersus Cart, CactuShop, CCBill and others" (may be vulnerable).

21 Firefox vulnerabilities reported today. Either update or install Opera.

Multiple vulnerabilities reported today at Secunia. Some of these bugs are critical. Check it out.

So neighbors steal your wi-fi net access, kill the connection or have fun

So you find out that everyone on your block is using your network without your permission. Do you lock it down or...? Or maybe you want to have a little fun. A little creativity with squid and you could turn everything they browse upside down (literally).

Encrypt your web browsing session (with an SSH SOCKS proxy)

Using a simple SSH command, you can encrypt all your web browsing traffic and redirect it through a trusted computer when you're on someone else's network. Today we'll set up a local proxy server that encrypts your online activity from your Mac, PC or Linux desktop.

IM Worm installs own browser: The Safety Browser

A new IM hijack that installs its own browser called (as you might have guessed) the "Safety Browser" which is anything but! Changes your homepage, loops music on your desktop every time you boot up and spams the infection link via IM and IRC. Oh, and enables popups by default...!

Myspace Hacked

Thousands of Myspace emails and passwords were phished and made available online. Users who used the same password for all their logins (myspace, msn, yahoo, paypal etc) are having problems. Loads of Myspace accounts have been hijacked. Check your account, change your passes!

Gozi trojan analysis leads to Russian data hoard

One attack by a single trojan variant compromises thousands, circumvents SSL, and uploads it all to a Russian server where it's immediately turned around for sale. A unique step-by-step analysis reveals how groups of malware specialists are cooperating with each other and points to the future of malware as a managed service.

CapCom Federal Credit Union Leaks Customer Information

Capital Communications Federal Credit Union, located in Albany, NY, sent bank statements by mail that had other people's information, including balances, recent transactions and account numbers. They said they had some sort of software glitch at the third-party statement company they use.

2007 A Hacking Odyssey Part 2 - Network Scanning & Nmap

This series of papers will take an in-depth look at how someone may target and electronically break into an organisation. The second phase can be generically summed up as 'Scanning'. Covered in this paper: War Driving, War Dialling, Network Mapping, Port Scanning.

Unpatched, highly critical vulnerability in Firefox 2.0

This weakness has been known since June but no patch has yet been made available. The developers claimed to have fixed the problem in 1.5.0.5. So why did they release 2.0 without a fix? If "security" is what makes FireFox better, how do we explain known vulnerabilities unpatched on major releases?

Data-Theft Malware Targets Google's Orkut

A new type of Malware is targeting users inside the Orkut.com community, stealing their login details to online banking sites, dumping them into a Botnet and trying to spread automatically via their "scrapbooks". Includes screenshots and a movie file of the infection mailing the data home, which is pretty interesting.

Digg Blocked by Parental Controls in Vista

Windows Vista's medium parental controls automatically block digg.com.

List Of Security-related Firefox Extensions

Firefox's extensions are one of its biggest selling points. Looking for ones that will help make your browsing more secure? Check out this list.

Security Myths and Passwords

A blog post by Eugene Spafford which examines password security, and the way that detrimental security practices sometimes get propagated because they're considered by many to be "best practices."

The Most Influential People in IT Security

Here’s our list of the most influential security experts of 2007 - from corporate tech officers and government security types, to white hat hackers and bloggers.

Digg is blocked at thousands of schools across the nation - Stop it!

Thousands of schools in the US use the BESS filtering system. The nice people at Secure Computing decided that digg.com should be blocked. Send an email to service@securecomputing.com, and tell them to stop blocking digg.

Myspace.com hijack is currently spreading like wildfire

Somebody has managed to hack Myspace with a flash redirect that exploits what is apparently a gaping wide hole in their code. If you are signed into Myspace, and you go to a compromised page, you will be redirected to a blog post containing a diatribe about how the U.S. government is behind 9/11 & your page will now be hijacked! Solution at link.

HOWTO: Secure Firefox/IM/email from anywhere with PuTTY

Quick, step-by-step HOWTO to set up secure, encrypted tunnels for web browsing, instant messaging, and email from anywhere. No need to set up a VPN. Great for working from hotels and coffee shops!

Crack Windows Passwords in Minutes!

Ophcrack is a password cracker that uses tables of pre-computed hashes called rainbow tables. Simply burn the CD, pop it into the victim's computer, and Ophcrack will boot into a Linux shell, extract the password file, and find a match. For more information on rainbow tables, see Rainbow table - Wikipedia.

Teenagers used to push Zango on Myspace?

A ring of "Myspace profile edit" sites encourage Myspace users to add their "free videos" to their profiles. What they *don't* mention, is that these videos pop open a box that tries to install Zango Adware when someone visits a profile running these movies. Getting what is likely teenagers to unknowingly distribute this stuff is a new low.

New MS 0day on milw0rm

A New 0Day (DoS Proof of Concept) has appeared on milw0rm related to MS Windows XP... It seems to affect ICS (Internet Connection Sharing) and it seems to only apply to data coming into the shared NIC, not via the internet connection.
