Spliced feed for Security Bloggers Network |
| The perils of popular Facebook [Malta Info Security] Posted: 09 Jun 2008 12:16 PM CDT An article written for the Sunday Times of Malta - IT Supplement dated 8-6-2008 Often enough, most people tend to have their own way of perceiving how secure they actual are when doing things online. Indeed a lot of people tend to be naive and prefer not to think of what can go wrong right after they post or publish something personal about themselves or even others. The way we perceive how secure we are, largely depends on past personal experiences. If you ever suffered some sort of data loss due to a virus - you would know exactly what I mean - in that - once bitten twice shy. So worst memory tends to prevail over your decisions and even perceptions of how secure you really are. More over, misconceptions surround us such as "I have antivirus software, so I am secure" or "I have a firewall, so I am safe". The reality is that to be secure you need to employ a suite of tools (antivirus being one of them) to help you reduce your risk exposure to an acceptable level. These days there is a lot of talk about Facebook. First off - it is a social networking tool which anybody can freely sign up for and use. So far so good! One of reasons it is so popular with people (in particular with youngsters) is that it allows for virtual social interactivity - therefore somewhat redefining the way people meet, talk and share things with each other. In many ways I feel it has affected our social culture. If you feel shy, then you can look for your soul mate online without having to sweat it out before you pluck up enough courage to go talk to a guy/girl face to face. One facility Facebook offers is the ability to check how compatible you are with different people and linkup to different friends through existing friends to build a spider web of friends. One idea might be - the more friends you accumulate online (say on Facebook) the more popular you are perceived to be. At face value, Facebook sounds cool especially if you are a budding teen. So where's the catch?
Continue reading "The perils of popular Facebook" | |
| Posted: 09 Jun 2008 05:27 AM CDT
An article in Datanews (dutch only) today reports on the police arresting four ex-CCC members on two facts:
On the first fact, I can certainly agree but with regards to the second fact, I did not know it was illegal in Belgium to have this kind of software installed on your PC. I for one have Truecrypt as encryption software and Eraser as DoD compliant erasing software installed on my laptop. Am I a terrorist now? | |
| OSWA Assistant - Wireless Hacking & Auditing LiveCD Toolkit [Darknet - The Darkside] Posted: 09 Jun 2008 01:03 AM CDT The OSWA-Assistant is a no-Operating-System-required standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer’s CDROM and making your computer boot from... Read the full post at darknet.org.uk | |
| Cloud computing - I want my cake and eat it too [StillSecure, After All These Years] Posted: 08 Jun 2008 10:20 PM CDT Its easy to dismiss Don Dodge's asking "Do you really want your data in the cloud" as a Microsoft guy defending their turf. Don uses some recent uptime problems at Amazon, Twitter, Disqus and Typepad to show that keeping your information in the cloud and relying on the net to deliver your applications gives you less control, less security, less scalability and less reliability. | |
| Posted: 08 Jun 2008 02:56 PM CDT Here is some information regarding this week’s Wednesday OWASP - DC/MD Local Chapter infosec meetup event. If you show up late, the lobby door may be locked. You’ll need to call Aspect Security’s office number (301-604-4882) for access. Pizza and drinks will be available; usually Aspect provides. (more…) | |
| Updated DoD 8570.1M (draft) -- CISA/GSNA required for pentesters [Carnal0wnage Blog] Posted: 08 Jun 2008 09:29 AM CDT If you do any IA work for the US government its probably worth taking a look at this draft to see what's coming down the pipe. www.dtic.mil/whs/directives/corres/pdf/857001m.pdf of interest to me is the new requirement to get the CISA or GSNA if you do any sort of "Auditing" to include pentesting. "C11.6.1. CND-AU personnel perform assessments of systems and networks within the NE or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. CND-AUs achieve this through passive evaluations (compliance audits) and active evaluations (penetration tests and/or vulnerability assessments)." Not to get back into the whole Not a CISSP thread or CEH != pentester debate but I'd like to hear other people's opinion on the validity of basically requiring the CISSP and now CISA if you do pentesting for DoD. I have no experience with the SANS GSNA material, so I have no comments. I'm studying for the CISA now and there is very little if anything that applies to pentesting. Painful is the only word I can think of right now to describe it. But I'm taking my own advice by sucking it up, learning the material, taking the test, and going back to doing what I was doing. In case anyone is still in the dark, auditing != pentesting. | |
| Hey United Airlines...Try Actually READING The Question [Carnal0wnage Blog] Posted: 08 Jun 2008 08:54 AM CDT Its Sunday and I'm bitching. We fly United Airlines alot for work and I'm getting close to getting my premier status and finally becoming a person according to United. In fact, on my next trip I'll reach enough miles on the outbound flight. Me hating to wait in line and being too paranoid about coughing up all my biometric info for the fly clear stuff I asked if United could "pre-upgrade" me based on the fact I will archive the required number of miles on the flight. Here is the question I posed: From: ME To: United Airlines Web Question Form Hi,I have an upcoming flight to Hawaii and will be gathering enough miles to become premier on the outbound leg of that flight. I wanted to see if it was possible to be upgraded to premier before the flight so i could use the premier check-in line at the airport. thanks in advance. and the response. Thank you for your e-mail. Elite status is earned by our most frequent flyers. To qualify, you need to earn a given number of Elite Qualifying Miles (EQM) or Elite Qualifying Segments (EQS) in one calendar year. EQM and EQS can be earned by flying on United, Ted, United Express or any Star Alliance member airline and by participating in various promotions. Please visit www.united.com/staralliance or www.staralliance.com for an up-to-date list of Star Alliance members. Once you qualify for elite status, your account is automatically upgraded. Members need to requalify each year. Elite status is not determined by the current balance of redeemable miles in an account. The three levels in our Elite program are: Premier = 25,000 EQM or 30 EQS Premier Executive = 50,000 EQM or 60 EQS 1K = 100,000 EQM or 100 EQS **Yes all the information available on the website To date, in 2008, you earned 22,053 Elite Qualifying Miles and 8.5 Elite Qualifying Segments. If you meet the elite membership criteria we can upgrade your status. ** More information I see when I log in I wish you success in attaining your desired status. ** Then upgrade me! Please contact us again if you have any questions concerning your Mileage Plus account. Gisselle Dawson Yup got it, pretty much what I stated in the question but no real answer. Now I figured the answer would be no, but you could at least read the friggin question and say no. At least I'll be a person on the return flight. **Update, I actually sent a follow up email saying read my question and basically got the same response without a real answer (again). I wont bother putting it in here. | |
| Increase of malware found on legitimate websites [miekiemoes] [Belgian Security Blognetwork] Posted: 08 Jun 2008 06:23 AM CDT According to ScanSafe, 68% of the Malware is found on legitimate websites nowadays. These sites were hacked as a result of SQL injection attacks or via stolen FTP credentials. Malicious scripts and (hidden) iframes are added in order to infect the visitor with trojans, backdoors and password-stealing malware. That's why you should always be cautious, because even known legitimate sites can't be trusted anymore. Also read: A May 2007 / May 2008 State of the Web Comparative If you're on Vista, make sure UAC is enabled, so Internet Explorer runs under Protected Mode. If you're on XP - you can read some tips here: How to Surf More Securely by gizmo.richards In case you're using Firefox as your default browser, install the NoScript extension. | |
| This has nothing to do with anything technical.. [extern blog SensePost;] Posted: 08 Jun 2008 06:17 AM CDT but since it made me eat crow, i figured i would share it.. Although i read a fair bit, i stopped really reading fiction many many moons ago. Its something i often feel ill try to get back into when im a little older with more time (like playing golf), but right now it somehow always feels like fiction pieces give off less real information than their non-fiction counterparts.. To this end, i got through about 0.5 of one of the harry potter books, before deciding that it wasnt for me (but still stood in the queue at midnight for the final book because Deels has always been nuts about it..) Anyway.. Deels pointed me this weekend towards JKRowlings commencement speech at Harvard:[J.K. Rowling Speaks at Harvard Commencement : Harvard Magazine] The speech is well worth the few minutes it will take to read/watch/listen to, and gives me new respect for the author.. -sigh- maybe ill pick up the philosophers stone tonight after all.. | |
| Black Hat Webcast No. 1: The Forbidden Sneak Peek [Security4all] [Belgian Security Blognetwork] Posted: 08 Jun 2008 06:15 AM CDT On Thursday, the 26th of June, Blackhat will be featuring a webcast that gives a sneak peek of the upcoming conference. This webcast event is sponsored by Black Hat and presented free of charge. The... | |
| Microsoft Security Patch Advance Notification - June 2008 [Sunnet Beskerming Security Advisories] Posted: 07 Jun 2008 10:40 PM CDT This coming Tuesday, Microsoft are planning to release seven patches with the June Security Patch Release, according to the advance notification advice released by Microsoft and their MSRC. Of the seven patches due for release, three have been identified as Critical, all leading to remote code execution opportunities and affecting different components of core Microsoft Windows software. A Bluetooth patch, cumulative Internet Explorer update, and separate ActiveX bulletin comprise the Critical updates (though the ActiveX bulletin could be integrated with the Internet Explorer cumulative update). The three Important updates identified by Microsoft target an elevation of privilege and denial of service opportunities affecting WINS, Active Directory, and PGM, again elements of the core Windows system. The remaining Moderate patch is for a kill bit issue that can lead to arbitrary remote code execution, though why it isn't identified as Critical like the other remote code execution vulnerabilities has not been identified. All versions of Windows from Windows 2000 will be affected by this month's patches, with Critical remote code execution bugs being patched on all systems. Other non-security high-priority updates will be released through the Microsoft Update and Windows Server Update Service at the same time, as well as the Microsoft Windows Malicious Software Removal Tool receiving an update. In separate reporting, Microsoft's Security Vulnerability Research & Defense group have released information that indicates that the Microsoft Works ActiveX control proof of concept that was recently released will not be receiving an update, as the default behaviour of Internet Explorer should be not to load the ActiveX control (it falls into the 'ActiveX controls not marked as safe for scripting' section which should be Disabled by default). Note that this doesn't deny there is a problem, just that the default system behaviour should be enough to protect users. | |
| The Neverending Story [miekiemoes] [Belgian Security Blognetwork] Posted: 07 Jun 2008 06:11 PM CDT  It's already more than 4 years that I clean severly infected computers. In most of the cases, when I review the logs, I see more malware present than anything else. Also, in most cases, many don't even have an Antivirus Scanner + Firewall installed and their Windows hasn't been updated for years. Hence, they don't even know why the updates are needed for. Also, many of them don't have a genuine version of Windows installed anyway. Some don't even know what an Antivirus Scanner or Firewall is. For example, yesterday, I analysed a log from a severly infected computer and asked the guy why he didn't have an Antivirus and Firewall installed. He: "Huh? I have an Antivirus and Firewall installed though" Me: "Ok, can you tell me which one, because I can't see an Antivirus and Firewall present in your log" He: "I have mailwasher!" Mailwasher is a spam filter software - so not sure where he has read it was an Antivirus/Firewall. And that's why we should "teach" these people about security. Why they need an Antivirus and Firewall and how to prevent malware. This is my main goal here... teach about prevention, how to keep their computer(s) clean/secure. Unfortunately, many do know how to prevent malware, how to keep their computer(s) secure, but they just won't listen, mainly because they just don't care. They also know how they got infected in the first place.. because they were warned many times before. But still, they just can't resist the use of illegal software/cracks/hacks whatever, even though they know that 80% of it is bundled with malware. One single click on one of these "popular" crack sites may already download and install a huge malware bundle... and yes, they are also aware of this. Oh well, not a big deal for them - They just post their problem at one of the forums/sites where they receive help for free. Once their system is "clean", they can hunt for more cracks/keygens again. Yes! I've seen it too many times before. "Hi, I visited a cracksite, downloaded and installed a crack - can you check if my computer is still clean?" "Help! I downloaded and installed a crack from a torrent/P2P again and now my computer is acting weird.... again" "I need help asap!! Keygen infected my computer again!" Yes, in 80% of the cases, people get infected because of the use of illegal software/cracks/keygens/hacks... etc. So I clean their computers and most important part, I tell them that they should stay away from illegal software, cracks, keygens etc, because they will get reinfected anyway if they don't change their surfing habits. I also explain that there are many free alternatives and give them extra prevention tips. I'm glad that many learn a lesson here, listen to my advise and make sure this won't happen again. However, there are still a lot of others who don't listen and proceed with what they were doing before, even though they were warned. Result.. 2 weeks later, they are back, asking for help to get rid of another infection, because they installed another crack which downloaded/installed malware again. Then they receive free help once again and one month later, they are back again. And this goes on and on and on... I'm sorry, but I gave up on them. It's a waste of my time. If they don't want to listen, they should take care of their own problems. In such cases, I recommend that they format and reinstall Windows (even though the malware can be cleaned easily). Or I ask them to go to the local computer shop to get it fixed. It will cost them a lot of money and in most cases, they will just format and reinstall Windows anyway. Maybe that will learn them since they have to pay for it - or since they have to start from scratch again. "Was it really worth it??" "Wanna use cracks/keygens again and go through the same scenario again?" "Are you sure??" - If there was an "Yes" button here, I'm sure some would click it - Ooh, they love to click Yes! What I hear many times is: "It's my computer - if I want to visit illegal sites/use cracks etc, it's my problem if I get infected." Ok, so why are you asking for help in the first place? If it's your problem, you should take care of it. And it isn't your problem ALONE. Your computer is responsible for infecting A LOT of other computers as well (depends on what malware is present). "I blame my Antivirus because it didn't detect the malware".  You are the only one to blame!!! Also, all their passwords and other sensitive data may be known... But do they really care??? Some will never learn, so this is a neverending story and unfortunately I can't help them anymore. Oh well... maybe they will learn some day (when it's too late). | |
| Symantec June State of Spam Report [Security4all] [Belgian Security Blognetwork] Posted: 07 Jun 2008 06:05 PM CDT Symantec released their June State of Spam report: The June State of Spam Report demonstrates that spammers are utilizing current events to their advantage. The economic slowdown has been at the... | |
| Video: Introduction to XSS using Webgoat [Security4all] [Belgian Security Blognetwork] Posted: 07 Jun 2008 05:48 PM CDT Seen on the securitydistro.com website: Related posts: Why hacking changed and 90% of sites are still vulnerableThe Web Hacking Incidents Database Annual Report 2007OWASP Live CDItalian bank gets... | |
| Shit Happens! [/dev/random] [Belgian Security Blognetwork] Posted: 07 Jun 2008 02:07 PM CDT
The culprit was Vundo. A well-known (and quite old) Trojan which slows down the system, display pop-ups etc… Nothing very malicious but it was difficult to get rid of it! See the details here. My laptop What happened? The Symantec anti-virus reported and successfully deleted infected files in the IExplorer cache and in a restore point. Immediately, I scanned the whole system for viruses and malwares. Nothing detected!? A scan with HijackThis reported several problems: two BHO linked to a DLL named “c:\windows\system32\geBtSMgF.dll“. The DLL was impossible to remove (locked by two processes: explorer.exe, winlogon.exe). To get rid of the DLL, I booted my laptop with UBCD for Windows, a Windows live CD. I was able to access the NTFS file system and to remove the DLL. One reboot later, I cleaned the registry with HijackThis. Later today, I still got alerts from the anti-virus: infected files were found in “c:\System Volume Information” where are stored the files needed by the Windows Restore Point system. To remove them, you need to disable the restore point feature. Finally, I used RestorWin to delete all restore points created of modified since the infection. I read and re-read the Trojan description and I should not be infected!? Is this a new variant? Or a new one based on the original. No idea, I cross my fingers! | |
| BlackBerry Pearl 'Proper' Keypad Cheatsheet [Security Uncorked] Posted: 07 Jun 2008 10:37 AM CDT It wasn’t long after I switched from a long history of traditional cell phones to a BB Pearl that I realized there was a big problem. I was up a creek without a paddle… or should I say, I was up to remote voicemail access without a proper keypad. You see, phone systems everywhere- my office, your office, the banks and any alphanumeric-driven automated system- use the letters that correspond to a standard desk set number. The number ‘2’ represents ‘ABC’, etc.
So a ‘G’ on my office system to Give it to another user is number key 4, on my Pearl it would be 5, which would be ‘K’ to my phone system to save the message and tuck it back in the depths of vm storage never to be found again. Over the past months, I’ve accidentally erased things I wanted to forward, forward things I wanted to save… you get the picture. It’s not just voicemail access. I also found I couldn’t make use of dial-by-name directories or even access my banking by phone. It gets to be quite frustrating at times, and driving down the road at 70mph is not really a good time to try and work out the mental puzzle of which number ‘should’ be what. The solution… I decided to make a BlackBerry Pearl ‘Proper’ Keypad Cheatsheet. It’s a convenient 2x3.5” business-card sized piece that you can print and slip right into your wallet, phone holster, or wherever you need it. And here it is, available for your enjoyment- in both his and hers colours. Her BB Pearl Keypad Cheetsheet (in pink) His BB Pearl Keypad Cheetsheet (in blue) # # # | |
| Links for 2008-06-06 [del.icio.us] [Anton Chuvakin Blog - "Security Warrior"] Posted: 07 Jun 2008 12:00 AM CDT
| |
| Posted: 06 Jun 2008 06:37 PM CDT In February, a B-2 stealth bomber crashed in Guam. Now we know why. And we've got video of the scene. On takeoff from Andersen Air Force Base, the $1.4 billion plane abruptly "pitched up, rolled and yawed to the left before plunging to the ground," the AP describes. The reason why: "Water distorted preflight readings in three of the plane's 24 sensors, making the aircraft's control computer force the B-2 to pitch up on takeoff, resulting in a stall and subsequent crash." Luckily, "both pilots ejected safely just after the left wing made contact with the ground in the first crash since the maiden B-2 flights nearly 20 years ago." Check out the video, and you'll see just how fortunate the pilots were to make it out. source wired | |
| Rogue access point at Dutch Airport [Security4all] [Belgian Security Blognetwork] Posted: 06 Jun 2008 06:22 PM CDT Dutch Computer Magazine "Computer idee" published an article in her May edition about a rogue access point they placed at an airport. They placed an access point called "Schiphol Free Internet... | |
| Posted: 06 Jun 2008 05:29 PM CDT | |
| Belgian Press agency Belga misreads McAfee domain report [belsec] [Belgian Security Blognetwork] Posted: 06 Jun 2008 05:14 PM CDT The Belgian Press Agency has sent a report to the Belgian press that the Belgian .be domain is safer now than before and as usual the journalists have taken the text in full without bothering to take the report, read it and be assured that this was the thing. Well it ain't so. Belga mixed up two totally different things. The position of the number of malicious .be domain name as a percentage of all the malicious domain names in the world in around 175 extensions has fallen. But if you read the report this is the result of massive buying of spamdomains in some other specific domains. It is sure that if the crimgangs buy thousands of domain names for malicious downloads and infections in other domain extensions that the percentage of malicious domain names with your domain extension will fall as part of all the malicious domain names. If you look a bit further than you will see that the Belgian domainextension is still of the most dangerous domainextensions because of the high number of malicious domainnames in its domainextension (be). This means that if people surf on the .be domainextension the possibility to arrive at a malicious domain is much higher than on some other domainextensions. I don't think this is a good thing and that we are still borderline and that if it is the intention to give our domainextension a good name we have to take action. The two other facts that are rarely mentioned in the articles is that in the domainextensions that have a good sense of control the number of malicious domains remains fairly low. There is also a lot of press about the fact that the Hongkong HK domainextension is becoming one of the most dangereous. In the report the management tells McAfee that this seemed to be the result of making the procedure for the registration of domainnames very easily and online (and expecially easily for volume buys). The same management has decided now to clean the place a bit and have started throwing numerous scammer domains with their extension of the net. | |
| Hack of the day mundaneum.be (musea) [belsec] [Belgian Security Blognetwork] Posted: 06 Jun 2008 04:59 PM CDT
| |
| How to detect and prevent insider threats [Security4all] [Belgian Security Blognetwork] Posted: 06 Jun 2008 03:49 PM CDT I picked this up from Networkworld.com: CERT/CC has published a report called "Commonsense Guide to Prevention and Detection of Insider Threats". The information is based on the analysis of more than... | |
| 1984 was a typo! -- No Place to Hide Pseudo Book Review [Carnal0wnage Blog] Posted: 06 Jun 2008 02:33 PM CDT I really blame phn1x for actually answering my question of what Safeway does with the information of what you buy and suggesting the book "No Place to Hide" by Robert O'Harrow. Google Books Link: http://books.google.com/books?hl=en&id=caydrFMa1mIC&dq I won't do the typical review I do because its not a "tech" book but I will say that it was eye opening. I'm embarrassed to not know the scope of information (and how easily we give it up) that is being accumulated about us by different commercial organizations (ChoicePoint, Acxiom, and more), computer generated models of our likes and dislikes formulated and sold to various vendors, private information about us from marriage, mortgages, books checked out from the library, you name it, and of course that information being easily sold to the government so they can live up to laws forbidding the government from spying on citizens by the government itself not actually doing the spying but merely buying data and services from these vendors. I don't want to go all Dale Gribble (more) but some fun/spooky/scary things from the book. 1. you dont have to fill out warranty cards that ask for all that personal info like how much you make and what kind of car you drive. By law all products have a 1 yr warranty without you having to mail in that registration card. 2. your phone number is your new SSN and the "key" tying good chunks of your data to you. Add your zip code to make sure there are no mistakes. 3. where do these companies get the data? From: telephone directories, voter registrations forms, tax assessor offices, questionnaires, warranty cards, catalog buyer behavior information, and product registration forms. 4. who generated the initial no fly lists? yep those companies. 5. best part, all the data policing is done by the companies and not the government. And for a real world example, in my mailbox yesterday was some junk mail from some Baptist church. Of course called and said thanks for the letter but how the f**k did you get my name and address. The utility company gave it to them...WTF. EFF and EPIC can expect good donations this year, as long as they don't write down my name and address so the government doesn't have its initial start list of dissidents when things go south. But its probably waaaaaaay to late to worry about that. I know I'm already on that list. For Cons of the book, read the reviews on amazon they mostly say the same thing. Basically great information, but no remediation. fI there even is any at this point. If you want to see what they have on you, at least ChoicePoint appears to do this for free if you are willing to cough up some information. http://www.choicepoint.com/consumer/all_products.html also opt-out info: http://www.privacyatchoicepoint.com/optout_ext.html  | |
| British ISP Syping On Users [Carnal0wnage Blog] Posted: 06 Jun 2008 02:33 PM CDT Ok, this one is a little bit Dale Gribble... From Wired Blog: "An internal British Telecom report on a secret trial of an ISP eavesdropping and advertising technology found that the system crashed some unsuspecting users' browsers, and a small percentage of the 18,000 broadband customers under surveillance believed they'd been infected with adware." "Those boxes inserted JavaScript code into every web page downloaded by the users. That script then reported back to Phorm the contents of the web page, which Phorm used to create ad profiles of a user. Additionally, Phorm purchased advertising space on prominent web sites, showing a default ad for a charity. But when a user who had previously looked at car sites visited one of those pages, he instead got an advertisement for car insurance." http://blog.wired.com/27bstroke6/2008/06/isp-spying-made.html |
We are all vulnerable! Yesterday, it was my turn… Infected by a 
| You are subscribed to email updates from Black Hat Security Bloggers Network To stop receiving these emails, you may unsubscribe now. | Email Delivery powered by FeedBurner |
Inbox too full?  Subscribe to the feed version of Black Hat Security Bloggers Network in a feed reader. | |
| If you prefer to unsubscribe via postal mail, write to: Black Hat Security Bloggers Network, c/o FeedBurner, 20 W Kinzie, 9th Floor, Chicago IL USA 60610 | |
No comments:
Post a Comment