A Daily Look At Security

Unpatched, highly critical vulnerability in Firefox 2.0

2006-10-29T10:49:00.000-08:00

[Quote]
"This weakness has been known since June but no patch has yet been made available. The developers claimed to have fixed the problem in 1.5.0.5. So why did they release 2.0 without a fix? If "security" is what makes FireFox better, how do we explain known vulnerabilities unpatched on major releases?"

[Read More]

British the most spied-on people in western world

2006-10-29T09:49:00.000-08:00

[Quote]
"The linkage of databases and surveillance systems mean Brits are now having their movements tracked, habits profiled and photograph taken hundreds of times a day."

[Read More]

Windows Live Barcode Launches

2006-10-29T08:16:00.001-08:00

[Quote]
"No this isn't an April Fool's joke. Windows Live Barcode enables users to store their own data in QR codes, which are already present on Spaces for markets like Japan."

[Read More]

US online brokers hit by pump and dump fraud

2006-10-25T16:04:00.001-07:00

[Quote]
"Hackers in Eastern Europe and Asia have been infiltrating customer accounts at US online brokers and making unauthorised trades to artificially inflate the price of some stocks. The 'pump and dump' fraud has reportedly cost E*Trade at least $18 million in the third quarter alone."

[Read More]

Hacking contactless credit cards made easy

2006-10-25T08:03:00.001-07:00

[Quote]
"US security researchers have demonstrated how easy it might be for crooks to read sensitive personal information from RFID-based credit and debit cards."

[Read More]

Police wrongly raid home based on IP !!

2006-10-24T18:16:00.001-07:00

[Quote]
"Demonstrations of government stupidity seem to know no bound.How long before no one respects our current form of government and law enforcement?"

[Read More]

FREE Memory Upgrade for your laptop

2006-10-24T17:03:00.001-07:00

[Quote]
"A gang (from BBC's The Real Hustle) set up a shop offering free memory upgrades to laptops. People leave their laptops with the gang to pick them up later, see what happens..."

[Read More]

Why Bush's Wire Tapping is Defeated by VoIP Networks

2006-10-22T14:19:00.000-07:00

[Quote]
"Bush claims he needs NSA wire tapping to break up terrorist networks but terrorists are not using the phone network Bush is tapping. They ... all are using private voice over IP internet phones (VoIP) that can't be tapped. This video explains how it works. And, how you can set up your own."

[Read More]

Hackers' project disguises security-busting code

2006-10-22T02:49:00.000-07:00

[Quote]
"The software, called VoMM (eVade o? Matic Module), uses a variety of techniques to mix up known exploit code so as to make it unrecognizable to some types of antivirus software. Using these techniques, VoMM "can create an endless number of variants of an exploit," said Aviv Raff, one of the developers behind the project."

[Read More]

SpamThru Trojan Analysis

2006-10-21T16:19:00.001-07:00

[Quote]
"Interesting and thorough analysis of a modern spam trojan available at Secureworks."

[Read More]

Welcome to the world of botnets

2006-10-21T05:48:00.001-07:00

[Quote]
""Eric Sites stares at the screen of a "dirty box," a Windows machine infected with the self-replicating Wootbot network worm. Within seconds, there is a significant spike in CPU usage as the infected computer starts scanning the network, looking for vulnerable hosts. Basically, this machine is now owned by a criminal.""

[Read More]

The science of making skyscrapers safe.

2006-10-20T10:47:00.000-07:00

[Quote]
"To the discerning eye, cities and skyscrapers are monuments to the security threats prominent at the time they're built. With new technologies, shortsighted design decisions will leave a legacy of needless challenges for future generations."

[Read More]

Zombie Computers Try To Blend In With The Crowd

2006-10-20T07:33:00.001-07:00

[Quote]
"Hackers are trying harder to make their networks of hijacked computers go unnoticed."

[Read More]

New (Potentially Funny) Firefox Bug Found

2006-10-14T20:49:00.000-07:00

[Quote]
"While not exactly a major bug, this bug allows any website owner to style the autoscroll image that pops up when one middle clicks in Firefox. Someone of a less benevolent nature could use this bug for evil. *COUGH* GOATSE *COUGH*"

[Read More]

pfSense 1.0 Released today at 13:13 EST

2006-10-13T20:18:00.000-07:00

[Quote]
"pfSense, the FreeBSD-based firewall LiveCD distribution was released today. Utilizing pf as the firewall basis, this distribution has been 2 years in development and offers firewalling, traffic shaping, clustering, load balancing and a very solid packaging system all managed by a WebGUI."

[Read More]

USB Hacksaw released, Steal documents in seconds with a U3 usb key!

2006-10-06T22:50:00.001-07:00

[Quote]
"The USB Hacksaw is an evolution of the popular USB Switchblade that will automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account.PoC shows how to deliver the payload instantly with a U3 autorun hack borrowed from the Switchblade"

[Read More]

Set up a personal, home SSH server

2006-10-04T17:33:00.001-07:00

[Quote]
"It's simple to set up an SSH server right on your Windows PC with Cygwin (and even simpler on your Mac). Once your personal SSH server is up and running, you can connect to your home computer securely from anywhere on the internet, up and download files and perform all the command line tasks your heart desires. Here's how."

[Read More]

Contactless Cards: Are Privacy Jitters Legit?

2006-09-28T14:50:00.001-07:00

While the cards are a boon to merchants and are part of a large new RFID industry -- from manufacturers who make the tags and readers to software companies that create data analytics for ROI -- the technology also presents some security concerns as merchants may have the ability to track goods and services more closely than some would like.

You can read more about it here.

Worried about the airline losing your luggage? No problem. Just pack a gun.

2006-09-24T11:20:00.000-07:00

The airline wouldn't want to be responsible for losing a gun, right? That's one photographer's solution to making sure his expensive camera equipment is watched carefully by the airline when he has to check it as luggage. He packs a starter pistol in his camera bag and declares it as a firearm.

You can read more about it here.

Two Serious Windows Flaws Uncovered

2006-09-21T18:45:00.000-07:00

The first is a zero day exploit that affects Internet Explorer (and Outlook) even on fully patched copies of Windows XP. The second is a file corruption bug in Windows 2000 introduced by a Microsoft patch. Steve Gibson has fixes for both in his Security Now podcast, plus an interview with the fellow who discovered the VWL exploti.

You can read more about it here.

Watching a phishing attack live

2006-09-20T09:45:00.001-07:00

Yesterday, I watched a phishing attack unfold live. After informing the phished bank and US CERT I was able to see in real time the details people entered on the phishers site. Here's what I saw.

You can read more about it here.

AG Gonzales Wants ISPs to Save User Data

2006-09-19T14:25:00.001-07:00

Attorney General Alberto Gonzales said Tuesday that Congress should require Internet service providers to preserve customer records. Gonzales acknowledged the concerns of some who say legislation might be overly intrusive and encroach on privacy rights, but argued that prosecutors need them to fight child pornography.

You can read more about it here.

Diebold Vote Hack - CNN Video

2006-09-19T07:23:00.001-07:00

CNN explores the possibility of midterm e-vote hacks. You should wonder why elections boards across the US aren't doing anything to address the numerous problems with paperless electronic voting machines. These machines, primarily made by Diebold, leave no paper trail, there is no way to verify votes!

You can read more about it here.

#1 Secutiry Threat: Cross-site scripting

2006-09-19T06:53:00.001-07:00

Web administrators beware: cross-site scripting vulnerabilities are now far more attractive targets than more notorious bugs such as buffer overflows. Buffer overflows have long been one of the most common types of bugs attacked by malware, with Intel and AMD even building in hardware support for an anti-buffer overflow technology.

You can read more about it here.

Code cracking is the new pot of gold

2006-09-19T03:32:00.001-07:00

If you think the password protection on your MS Word file is keeping it safe from prying eyes, you're wrong. The time it takes to crack password-protected Microsoft Office files has tumbled from a 25-day average to a matter of seconds, thanks to a decades-old code-cracking technique that until recently was not viable.

You can read more about it here.

Homeland Security not ready for Cyber Storm

2006-09-18T12:51:00.001-07:00

A well coordinated attack against multiple critical infrastructure points launched via the Internet could overwhelm the federal government's ability to respond, according to a report released by the Department of Homeland Security last week on the Cyber Storm exercise conducted in February.

You can read more about it here.

Pipeline Worm Floods AIM with Botnet Drones

2006-09-18T09:30:00.001-07:00

A new worm is crawling through AIM - using a sophisticated network of "chain" installs, the bad guys can start the process of infection with any of the files and still hit you with the rest. Or they can target you with a certain selection of files depending on what they want you to do as part of their Botnet. Its like a 10-hit Tekken combo...

You can read more about it here.

Should you sign the back of your credit cards?

2006-09-17T08:17:00.000-07:00

or... why you should NEVER sign the back of your credit cards.

You can read more about it here.

13 stories in a row submitted by the same user with exactly same # of diggs

2006-09-17T00:56:00.001-07:00

Just noticed this on digg spy a few minutes ago and i just had enough time to take a screen shot of it. This user seems to be gaming the system.

You can read more about it here.

Analyzing 20,000 MySpace Passwords

2006-09-16T18:26:00.000-07:00

In a day where browsers are coming out with anti-phising tactics, I can?t believe how many people still fall for phising. It?s all over the news, and most email clients display warnings. So when I got an email from ?Admin@MySpace.com? I kind of chuckled.

You can read more about it here.

The ID Chip You Don't Want in Your Passport

2006-09-16T14:15:00.001-07:00

"If you have a passport, now is the time to renew it -- even if it's not set to expire anytime soon. If you don't have a passport and think you might need one, now is the time to get it. In many countries, including the United States, passports will soon be equipped with RFID chips. And you don't want one of these chips in your passport."

You can read more about it here.

Hacker Discovers Adobe PDF Back Doors

2006-09-15T20:42:00.001-07:00

David Kierznowski, a penetration testing expert specializing in Web application testing, has released proof-of-concept code and rigged PDF files to demonstrate how the Adobe Reader program could be used to launch attacks without any user action.

You can read more about it here.

Mozilla fixes several Firefox flaws

2006-09-15T19:12:00.001-07:00

Mozilla released Firefox 1.5.0.7 to address flaws that could expose systems to man-in-the-middle, spoofing and cross-site scripting attacks.

You can read more about it here.

How a Malformed Installer Package Can Crack Mac OS X

2006-09-15T18:01:00.001-07:00

There exists a pretty significant interface problem with the Apple Installer program such that any package requesting admin access via the AdminAuthorization key, when run in an admin user account, is given full root-level access without providing the user with a password prompt during the install.

You can read more about it here.

Piracy: all it takes is a garage

2006-09-15T13:21:00.001-07:00

Piracy?it's not just for the high seas anymore. In fact, according to the MPAA, 44 percent of their piracy losses in the US come from college students.

You can read more about it here.

Mozilla's New Security Chief: Dump Old Code

2006-09-15T11:41:00.001-07:00

Window Snyder, whose hiring was announced last week, says she wants to get going. Her first initiative is to reduce the overall risk to Firefox by evaluating where there are unused features and by getting rid of the unused code.

You can read more about it here.

Google to launch Gmail Plus service?

2006-09-15T07:40:00.001-07:00

Don't trust the URL -- things are not as they seem. A clever exploit in a little known Google service could be used to launch phishing attacks, by imitating Google services -- hosted on Google's own servers! Read the article for more information, or see a proof of concept in action: http://www.google.com/u/gplus.

You can read more about it here.

ATM Reprogrammed to Give Out 4X More Money

2006-09-15T02:30:00.001-07:00

Last month, a man reprogrammed an automated teller machine at a gas station on Lynnhaven Parkway to spit out four times as much money as it should.

You can read more about it here.

test posting

2006-09-12T23:25:00.001-07:00

test posting