Thursday, July 3, 2008

Spliced feed for Security Bloggers Network

The dns.be report as you read it nowhere else [belsec] [Belgian Security Blognetwork]

Posted: 03 Jul 2008 06:30 AM CDT

A new number that could be used to phish a domain name [belsec] [Belgian Security Blognetwork]

Posted: 03 Jul 2008 05:08 AM CDT

So what about S and 5?

This is smart. So let's take Brussels: this would give BRUSSEL5, BRU5SELS and so on.

The most interesting part would be for sex sites, many of which are paid, and no one would like to say that his credit card number was stolen because he tried to (re)log in to a porn network.

But take a bank. We have, for example, Fortis (we won't call it a Belgian bank anymore because it now has Libyans, Chinese and Russians among its bigger shareholders... Who would have thought this 5 years ago?)

So that would become FORTI5, and who would see the difference? And I am sure that if we play around with fonts and numbers we could make the difference even smaller. And they have a chance because those domains are internationally still free or on hold. This would be better than letting domain speculators buy an interesting domain like fortis.biz that is an unsafe PHP installation and could maybe be hijacked and used by phishers. And who wouldn't believe there is a fortis.biz domain?

This tool is better at finding typosquatting domains, but it shows that only manual work will really let you find all the typosquat domains that really matter. There are too many typosquat domains in those listings that make no sense at all. It also shows that paying for monitoring only your .be domain is just ridiculous.

The explosion of new domain extensions will also force a very important decision that may shake up the domain market and domain strategies, and I don't think everybody is conscious of what has happened.
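The S/5 idea generalises to a small table of look-alike characters, and that table is what a brand-monitoring check needs. The following is an added example, not code from the belsec post or from the tool it mentions: every observed domain is reduced to a "skeleton" in which characters that look alike in common fonts (S and 5, O and 0, I, l and 1, and so on) collapse to one symbol, and a domain whose label has the same skeleton as the brand but a different spelling is reported as a look-alike. The homoglyph table and the list of observed registrations are constructed assumptions; a real deployment would feed it new registrations from a zone file or certificate-transparency feed.

```python
"""Flag look-alike (homoglyph) registrations of a brand name for monitoring.

Added example, not from the belsec post or the tool it mentions. Each observed
domain is reduced to a "skeleton" in which characters that look alike in common
fonts collapse to one symbol; a domain whose label has the same skeleton as the
brand but a different spelling is a look-alike. The class table and the
observed-domain list are constructed assumptions.
"""

# Look-alike classes; the first character of each string is the representative.
HOMOGLYPH_CLASSES = ["s5", "o0", "il1", "b8", "z2", "g9", "e3", "a4", "t7"]
_TO_REPRESENTATIVE = {ch: cls[0] for cls in HOMOGLYPH_CLASSES for ch in cls}


def skeleton(label):
    """Canonical form of a label: every homoglyph replaced by its class representative."""
    return "".join(_TO_REPRESENTATIVE.get(ch, ch) for ch in label.lower())


def registrable_label(domain):
    """Second-level label ('fortis' for 'www.fortis.be'). Assumes a single-label public
    suffix; multi-label suffixes such as co.uk would need a public-suffix list."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def find_lookalikes(brand, observed_domains):
    """Observed domains whose label is spelt differently from the brand but has the same skeleton."""
    brand = brand.lower()
    target = skeleton(brand)
    return sorted(
        d for d in observed_domains
        if registrable_label(d) != brand and skeleton(registrable_label(d)) == target
    )


def find_same_label(brand, observed_domains):
    """Observed domains that reuse the exact brand label under another extension (the fortis.biz case)."""
    return sorted(d for d in observed_domains if registrable_label(d) == brand.lower())


# Constructed sample of newly seen registrations (not real data).
OBSERVED = [
    "forti5.com",
    "f0rtis.net",
    "fortis.biz",
    "brussel5.be",
    "bru5sels.info",
    "example.org",
]

if __name__ == "__main__":
    for brand in ("fortis", "brussels"):
        print(brand, "look-alikes:", find_lookalikes(brand, OBSERVED))
        print(brand, "same label elsewhere:", find_same_label(brand, OBSERVED))
```

The skeleton comparison avoids enumerating every substitution combination and makes the check as cheap as a string compare per domain, so it scales to a full daily feed of new registrations; the same-label check covers the fortis.biz case the post raises, which a homoglyph table alone would not catch.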

Take a bank like Fortis:

* You take only the domain extension of your home country and you communicate massively that this is your only domain and you call all the others fraud. For the anti-phishers this is really simple. Each bank has one domain extension, that of its own country. Final. All the rest is fraud.

* You take only a domain extension like .bank and call all the others fraud. The problem is that it is a domain extension with a solely English connotation, so maybe .fin is better (finance, financiën, ...), and how many pure banks are still out there? Also very easy for anti-fraud controllers.

* You make your own domain extension if you are a global player. For 60,000 dollars you have .fortis as a domain extension, which is peanuts, and free publicity. Well, it would be more in total, but it would still be peanuts if you read how much is being paid in salaries and damages and take-overs. You will have to invest in DNS security, but you can isolate your own 'fortis' network from the rest of the internet into different security zones from the moment the first packet arrives at the router.

ratproxy - Passive Web Application Security Audit Tool [Darknet - The Darkside]

Posted: 03 Jul 2008 03:42 AM CDT

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the...

Read the full post at darknet.org.uk

bpmtk: A New Version With bpmtk.dll Included [Didier Stevens] [Belgian Security Blognetwork]

Posted: 03 Jul 2008 03:41 AM CDT


Here is a new version of the Basic Process Manipulation Tool Kit (bpmtk).

Some noteworthy changes:

  • bpmtk.dll has been added
  • for ASCII: and UNICODE:, now you can specify a string with spaces by enclosing it in double quotes (ASCII:"My Name")
  • write and search-and-write use VirtualProtectEx to change the virtual page protection when a write fails

So now you can also load bpmtk as a DLL in a process and it will execute its configuration. The configuration is embedded in the DLL as an ASCII string. To change the configuration, you have two options:

  1. edit the source code and recompile the DLL
  2. binary edit bpmtk.dll and insert your config between the strings #BPMTK_CONFIG_BEGIN\r\n and #BPMTK_CONFIG_END\r\n. Terminate all lines of your config with CRLF
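The marker strings in option 2 also work in the other direction: an analyst who finds a bpmtk-style DLL on a host can read the configuration out of the file to see what the DLL was built to do without loading it. The following is an added example, not part of bpmtk, that locates the `#BPMTK_CONFIG_BEGIN\r\n` / `#BPMTK_CONFIG_END\r\n` pair and returns the lines between them, rejecting a block that is not CRLF-terminated as the post requires. The sample DLL bytes are constructed, and the directive lines in it are placeholders rather than real bpmtk configuration syntax.

```python
"""Pull the embedded configuration out of a bpmtk-style DLL for triage.

Added example, not part of bpmtk: the post says the DLL carries its configuration
as an ASCII string between the markers #BPMTK_CONFIG_BEGIN\r\n and #BPMTK_CONFIG_END\r\n,
every config line terminated with CRLF. The sample bytes are constructed; the
directive lines are placeholders, not real bpmtk syntax.
"""

BEGIN_MARKER = b"#BPMTK_CONFIG_BEGIN\r\n"
END_MARKER = b"#BPMTK_CONFIG_END\r\n"


def extract_config(blob):
    """Return the config lines found between the markers, or None when no marker pair is present.

    Raises ValueError when the block violates the format the post describes
    (last line not CRLF-terminated, or a bare CR/LF inside the block), which usually
    means the binary was patched by hand and the DLL would not parse it as intended.
    """
    start = blob.find(BEGIN_MARKER)
    if start == -1:
        return None
    start += len(BEGIN_MARKER)
    end = blob.find(END_MARKER, start)
    if end == -1:
        return None
    body = blob[start:end]
    if body == b"":
        return []
    if not body.endswith(b"\r\n"):
        raise ValueError("last config line is not CRLF-terminated")
    stripped = body.replace(b"\r\n", b"")
    if b"\r" in stripped or b"\n" in stripped:
        raise ValueError("bare CR or LF inside the config block")
    # split() leaves an empty element after the trailing CRLF; drop it.
    return [line.decode("ascii") for line in body.split(b"\r\n")[:-1]]


def config_from_file(path):
    """Convenience wrapper for a DLL on disk."""
    with open(path, "rb") as f:
        return extract_config(f.read())


# Constructed sample: an MZ header stub, padding, the config block, more padding.
SAMPLE_DLL = (
    b"MZ\x90\x00" + b"\x00" * 16
    + BEGIN_MARKER
    + b"# placeholder directive 1\r\n"
    + b"# placeholder directive 2\r\n"
    + END_MARKER
    + b"\x00" * 8
)

if __name__ == "__main__":
    for line in extract_config(SAMPLE_DLL):
        print(line)
```

Because the block is plain ASCII between fixed markers, the same two strings make a serviceable file-scanning signature for finding bpmtk-based DLLs during incident response; the CRLF check is there because a hand-edited binary that breaks the line-ending rule is the most likely reason the extracted text will not match what the DLL actually executes.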

Online Tool to test SSL certificates [Security4all] [Belgian Security Blognetwork]

Posted: 03 Jul 2008 02:22 AM CDT

Heise online has launched a web tool enabling you to check for the infamous weak crypto keys generated on Debian (and Debian-derived) systems between September 2006 and May 13th, 2008. For more details, check the...

The *aaS Alphabet Soup [ImperViews]

Posted: 03 Jul 2008 01:52 AM CDT

One of the merits of living in the Silicon Valley is being able to exchange ideas, meet the guys that make it happen and live the buzz (or buzz life). In the past year or so, the frequency of the small talks we have around services in the cloud has increased significantly. Take a look at TechCrunchIT and all you see are pictures of clouds. Looking back a few years, I was part of a failed attempt to build Exchange as a service and backup as a service in 1998 (Publicom alumni, step up:-) so it was fun to read Rich Tehrani's article yesterday, about the hosted application market, pointing more to the database as a service or platform as a service or application as a service (PaaS, DaaS, AaaS or, in short, *aaS) but unfortunately he wrote only a few words regarding security.

As enterprises try to reduce their cost and align computing requirements with actual use and the need to cost-effectively provision database infrastructure to support real time usage, the new *aaS technology and market emerges. Googling for "database as a service" or "platform as a service" will bring many results. Some of the behemoths (Google, Amazon) as well as less established companies such as LongJump offer services that will allow you to leverage the benefits of a database in the cloud.

Most offerings lack the same maturity level of security and activity monitoring that in house database deployment offers. The growing adoption of *aaS platforms still does not include many applications that store private data or sensitive information in the cloud. As the demand grows, organizations should pay attention to the level of security and auditing capabilities that they have from the "cloud."

Virtualisation - Welcome Back to the 90s. [Security Thoughts]

Posted: 03 Jul 2008 01:37 AM CDT

I've been thinking about this for a while but this blog post by Pascal Meunier pretty much sums up my feelings about Virtualisation.

Back in the 90s when the Internet was new-ish and just becoming important all the machines running it were Unix boxes. (Maybe not all, but most). And a 386 would typically run DNS, sendmail, telnet (shell accounts), ftp and apache. All on the same box.

Security wasn't so tight in those days but it was usually good enough and the box could happily do what it needed to do.

Along came Microsoft and produced the idea of "one box - one service". You can't seriously consider running your domain controller as a file server. What are you thinking? And to put mail on the same box? No way. In fact, your SQL server is running under significant load, chain a few together.

And companies would buy into this concept. Microsoft were happy - more licenses. All the PC guys were happy too - more money. More complexity - more jobs.

Essentially what has happened now is that Moore's Law has kicked in and has caught up with the complexity of Microsoft's software to the point where one server box can run multiple applications on it. Imagine that. But Microsoft has planted the one-service-one-box concept so well that it is now part of IT law. File server and mail server on one box? But wait...what's this button over here....? Vir-vir-virtualisation.

And now we have the tools to allow us to once again run multiple applications on one server without having to admit that one-application-one-server never made sense.

To be fair - Virtualisation does have other advantages - running multiple Operating Systems for example, being able to easily move a virtual machine from one box to another (without configuration issues), being able to make a snapshot backup of a system.

But running multiple applications on one box is not a huge win.

StubHub millionaires? [StillSecure, After All These Years]

Posted: 03 Jul 2008 01:08 AM CDT

One of the cool things about the first dot com bubble was the "ebay millionaire". These were people who built businesses around selling goods at auction on ebay. There has been much written and said about the methods of these people and certainly it was a big attraction to people selling on ebay. I had an interesting plane ride home today where I met someone and discovered today's equivalent. I call it the StubHub millionaire. It is a testament to American ingenuity and shows that given the tools, people will find a way to exploit and make money.

Up until fairly recently you bought tickets to sporting events and other entertainment from a box office or ticket agent such as ticketron. The "after market" in ticket sales, or scalping as it was called in NY, was often illegal. There were though some legal ticket brokers that you could buy tickets from. Now with the advent of StubHub and similar ticket reselling outlets on the web, the infrastructure is in place for anyone to sell tickets on line. You would think that most of these people selling tickets were people who had either extra tickets to an event or perhaps a season ticket holder looking to unload some tickets to help defray the costs. Not the case!

There is now a whole class of businessman who buys season tickets to multiple teams, sports and cities and then uses outlets like StubHub and others to sell these tickets. The guy I spoke to today had season tickets to 6 different NFL teams, 3 major league baseball teams and multiple basketball and hockey teams. Many of his tickets are sold months and weeks before the event. If any are left within 14 days of the event he puts them on ebay. His average mark up is about 40 to 50% of face value, but by buying season tickets he pays below face, so his actual margin is closer to 60 to 70%. He keeps a few tickets for him and his family to go to a few games a year.

This started as a hobby for him with Yankee season tickets, but he has done an analysis and compared to what he would make investing that money in the market, he has come out way, way ahead.  He thinks that on a 12,500 investment, he makes about 40k!  That is not bad.  This year when all is said and done he will make six figure income from the resale of tickets he bought.  Think about it, no office or anything.  Just list your tickets and let people buy them.  Take some of the money and buy more tickets.

So what the heck am I doing trying to show people why it is important that they put good security in place on their computers?  There has got to be a better way.

USCERT: Apple Safari Webkit Vulnerability [Infosecurity.US]

Posted: 02 Jul 2008 11:57 PM CDT

The United States Computer Emergency Readiness Team has announced a new Apple (NasdaqGS:APPL) Safari browser vulnerability. According to the US-CERT, the browser's WebKit plumbing is the source of this particular issue. The specific issue, enumerated in Vulnerability Note VU #361043, is that the WebKit implementation evidently contains a memory corruption vulnerability which can permit a [...]

Aviv Raff: Latest VLC Issues [Infosecurity.US]

Posted: 02 Jul 2008 11:49 PM CDT

Aviv Raff holds forth on the previously reported VLC vulnerability and a little side issue: No Automatic Update in the latest version of the VLC project.

Grande Theft Auto... What Was He Thinking? [Security Uncorked]

Posted: 02 Jul 2008 11:05 PM CDT

Well, it didn’t happen to me- but here’s another J! True Security Story for you…

I went to the salon today to ‘get my nails did’ and was greeted with quite a ruckus. The entire staff is Vietnamese- no big surprise there- but the owners and most employees speak English extremely well and so everyone is always chit-chatting throughout the salon.

The wife side of the husband-wife team was especially giddy as she shared a little gem of a story with me today… and I didn’t feel I’d be doing you justice to keep it to myself. 

They (the salon staff) all live in one of the larger cities here in NC. One of their friends (a middle-aged guy) was out shopping Monday and was sitting in his car in a parking lot, either coming from or going to a store. A young girl (mid-20’s) came up to his car and motioned to ask for use of his cell phone.

Now, at this point in the story, I could have told you the rest…

He opened the window a bit and the young lady asked to borrow his phone for a moment to call a family member. Turns out she had some car troubles and needed a ride. Being the nice gentleman that he is, he lent her the phone and she took a couple of steps away to make the call. Only… she didn’t stop. Evidently she got about 4 cars down the row before our chivalrous guy got out of the car and gave chase.

When he got in reach, she pushed him down to the ground and - yep - ran back to his car, phone still in hand… and drove away.

He now has no car and no phone. So, ironically enough, he then had to approach a stranger and politely ask for the use of their cell to phone home and let the group know he was bamboozled. A few tears were shed, but his wife assured him it would be fine and he shouldn’t be scared. (No, I’m not making that up).

I was giggling right along with her (and the guy’s wife, who happened to be there).

Moments later I thought to myself, “I hope that doesn’t happen to me!” Almost in the same instant I realized… it probably wouldn’t. I’ve been a bit of a paranoid freak since I was little, thanks probably in most part to having two ex-military intelligence parents. For all my life I’ve been raised with ‘the security mindset’ as Schneier refers to it.

Always suspicious… always calculating… always aware… and certainly never underestimating a situation.

And so then I had to muse… WHAT WAS HE THINKING leaving the car running and unlocked to go after the siren with the cell? For the sake of politeness, I kept my question to my ‘inside voice’, but I do have to wonder why you’d sacrifice the security of a vehicle for a $50 cell phone.

The moral of the story… There are two. 1) Involve someone with a ‘security mindset’ and 2) Your security is only as strong as your people. A sweet damsel in distress… social engineering at its finest…

# # #

7-11 ATM Hackers….Further Details [Infosecurity.US]

Posted: 02 Jul 2008 06:54 PM CDT

Gary Warner updates us on the latest information regarding the infamous 7-11 ATM Fraudsters. Wired’s ThreatLevel blogger Kevin Poulsen posts a typically well written and fascinating take on this particular crime.

Security Warrior: Fun with Logs [Infosecurity.US]

Posted: 02 Jul 2008 05:55 PM CDT

Anton Chuvakin, Ph.D. a fellow member of the Black Hat Security Bloggers Network posts an intriguing, and oft times amusing write up of log analysis, and the foibles thereto….

Mobile phone to pay : not very secure think most Belgians [belsec] [Belgian Security Blognetwork]

Posted: 02 Jul 2008 04:38 PM CDT

This is from a survey (for what it is worth) from Unisys. In my view the numbers are only indications when the percentages differ enormously over time and the questioning and sampling technique hasn't changed.

1. Most of the people wouldn't pay with their mobile phone
2. The phone is for the moment not made for such transactions

3. The telecom providers still have a long way to go before they have secured their operations and client service enough to win the trust of their clients. Banks have much more credibility.

Two-factor authentication for e-banking is cracking [belsec] [Belgian Security Blognetwork]

Posted: 02 Jul 2008 04:24 PM CDT

Security is relative. What was once absolutely secure may not be so today. Until today the response was a kind of 'not with us': our Belgian banks and institutions have a very secure operation and everybody should have enormous trust in e-banking. We have (some still have; others don't care that much) two-factor authentication (what you know (password or secret question) and what you have (like a card)).

But in the last months there have been snippets of news that must worry the banks: those that have used two-factor authentication as a justification to stop worrying about security may have to think again and raise their defenses. Panda and others have published parts of the information they have that two-factor authentication may be broken or intercepted or its defenses circumvented.

For the moment nobody is saying much, as one could imagine that this would send panic waves through the industry.

But if you look closely at the techniques used by the trojans and banking viruses, then you can imagine how they would do it: intercepting in the kernel, screen recording, intercepting in the browser or at a proxy, and so on...

It is not yet at mass scale, but we are getting closer, one step at a time. It is now up to the banks and others to take the necessary measures to upgrade their security so they can stay one step ahead.
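The reason interception in the browser or at a proxy defeats a login-time second factor is that the code the user typed says nothing about the transaction that actually reaches the bank. The following is an added example, not from the belsec post, that makes the difference concrete: a bank verifies a code from the user's separate device with a shared key, once bound only to a server challenge (a plain login OTP) and once bound to the beneficiary and amount as well (transaction signing). The `tamper()` step is an abstract model of the in-transit alteration the post describes, a dictionary substitution rather than any real malware technique; keys, account numbers and amounts are constructed.

```python
"""Login OTP versus transaction signing under in-transit tampering.

Added example, not from the belsec post. Variant A binds the device code only to a
server challenge, like a login-time OTP. Variant B also binds it to the beneficiary
and amount (transaction signing). tamper() models the interception the post
describes; it swaps a field in a dict and implements no real technique.
Keys, accounts and amounts are constructed.
"""
import hashlib
import hmac

KEY = b"constructed-shared-secret"          # provisioned into the user's device at enrolment
CHALLENGE = "8f3a21"                         # constructed server nonce for this session
INTENDED = {"to": "BE11 CONSTRUCTED GROCER 1111", "amount": "25.00"}


def device_code(key, *fields):
    """Code the user's device displays: HMAC-SHA256 over the fields, truncated to 8 hex digits."""
    message = "|".join(fields).encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()[:8]


def signed_fields(transaction, bind_to_transaction):
    """What the code covers: the challenge alone, or the challenge plus the transaction details."""
    fields = [CHALLENGE]
    if bind_to_transaction:
        fields += [transaction["to"], transaction["amount"]]
    return fields


def tamper(transaction):
    """Model of in-transit alteration: the beneficiary is swapped before the bank sees it."""
    altered = dict(transaction)
    altered["to"] = "BE00 CONSTRUCTED MULE 0000"
    return altered


def bank_accepts(bind_to_transaction, in_transit=lambda tx: tx):
    """Run one submission end to end and return whether the bank accepts it.

    The user computes the code for the transaction they intend to send; in_transit
    is what happens to the submission on the way; the bank recomputes the expected
    code over what it actually received.
    """
    code = device_code(KEY, *signed_fields(INTENDED, bind_to_transaction))
    received = in_transit(INTENDED)
    expected = device_code(KEY, *signed_fields(received, bind_to_transaction))
    return hmac.compare_digest(expected, code)


if __name__ == "__main__":
    print("login OTP, untouched:         ", bank_accepts(False))
    print("login OTP, tampered:          ", bank_accepts(False, tamper))   # accepted: defence failed
    print("transaction signing, untouched", bank_accepts(True))
    print("transaction signing, tampered ", bank_accepts(True, tamper))    # rejected
```

The binding only helps if the device shows the user the beneficiary and amount it is signing, so that a user whose browser displays the intended payment but whose device shows a different one has a chance to notice; a code computed over details the user never sees is back to variant A.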

Web App Firewalls the Rage for PCI 6.6 Compliance [The IT Security Guy]

Posted: 02 Jul 2008 04:15 PM CDT

The deadline for complying with Section 6.6 of the Payment Card Industry Data Security Standard (PCI DSS) passed this week. Before June 30, its two alternatives -- web application firewalls or code reviews -- were only a recommendation.

Making it an either-or proposition is sort of silly. It should really be based on a risk assessment and vulnerability testing of the web application. In some cases, securing the web application could be both alternatives together or, maybe, neither.

It seems that many companies are choosing the easier way out, rather than the right way out, and opting for web application firewalls.

Now, here's a nice companion guide from the PCI council itself, clarifying the two Section 6.6 alternatives. After reading this, it's not as scary as it seems. In some cases you can use web scanning tools, like AppScan and WebInspect, which are reasonably priced and easy to use.

Let's Get Physical: Social Engineering and Security [The IT Security Guy]

Posted: 02 Jul 2008 04:05 PM CDT

This is a really interesting item from Dark Reading about social engineering scams where fraudsters basically just walk into banks and steal data -- not from computers but paper right off people's desktops. Posing as consultants, they come in and take their pick of what may be lying around.

The article says too many banks are beefing up online and web security, which is still important, but are still vulnerable on the old fashioned physical security front.

Study Cites Risk Management as Key [The IT Security Guy]

Posted: 02 Jul 2008 04:00 PM CDT

Risk management is the key to information security, according to the 2008 Information Week Strategic Security Survey.

The idea is to "focus on the value of data and how likely it is to be compromised, rather than on how the compromise might occur." In other words, assess the risk first, then figure out the technical fix second.

Throwing on technical controls willy-nilly without regard to the level of risk doesn't make sense. It can be costly and hinder the business -- ultimately, turning them against the security they really need.

High risk data on laptops, for example, that might leave the office requires stronger controls than, say, an isolated desktop not connected to the Internet with little customer data.

hacked maxi-graph.be leader of graphics [belsec] [Belgian Security Blognetwork]

Posted: 02 Jul 2008 03:37 PM CDT

What does a hacker...hear? [spylogic.net]

Posted: 02 Jul 2008 03:08 PM CDT

What does a hacker hear?

Good post on Bloginfosec last week that talks about all the interesting security related sounds that go on in pretty much any environment just by listening.

If you saw Johnny Long's "No Tech Hacking" presentation then you will probably remember the line "What does a hacker see?" as Johnny pointed out items in pictures that wouldn't be a big deal to the average person but to a hacker this information becomes extremely valuable.

Russell Handorf who wrote the article on Bloginfosec also put together a pretty cool quiz that you can take online to see if you can recognize some typical and not so typical sounds from various computing devices. I would be interested in hearing more about cell phone defaults...for example, does your phone have a default sound for Bluetooth sync? Like Russell mentioned in his article, it is pretty easy to use a tool like hcidump or the soon to be released BTfind which will help identify and enumerate found Bluetooth devices.

Next time you are at a conference, on the bus, train or at your local coffee shop pay attention and listen...you might be amazed at what you hear.

most popular bored IT helpdesk guy versus stupid user video (hilarious) [belsec] [Belgian Security Blognetwork]

Posted: 02 Jul 2008 02:20 PM CDT

Online Gaming: Safety for Kids [Vitalsecurity.org - A Revolution is the Solution]

Posted: 02 Jul 2008 01:21 PM CDT



Above, you can see pretty much my entire gaming collection. If there's an alien army to conquer, I've conquered it. A fleet of dragons to vanquish? They're extinct now. Wave after wave of evil WW2 Nazis to shoot in the face? Taking a dirt nap. And so on.

I can't help but be mortified when I see an article like this, though, where scumbag paedophiles are using videogame technology to get online and groom kids. Of course, systems like the XBox 360 have parental controls and lockouts and stuff, but the problem is - how many parents actually know how to use it? Mostly, those bits of paper get thrown aside while little Jimmy whips out his newest toy and starts shooting aliens in the face.

Well, in general most gaming companies whose consoles can go online are pretty responsible with regard to information aimed at keeping the kids safe and all that jazz. Here are some useful links I have for anyone with kids who play online with consoles. If you have any suggestions (assuming the comments are working) feel free to throw them in and I'll add below.

* First off, XBox Dad. A good blog with useful info. In particular, this entry regarding webcam settings might be helpful.

* Here's how you manage all the parental control stuff on XBox machines.

* This is a great site - Gamingwithchildren.com. I won't blab, just check it out. Good stuff.

* If you have a Wii and are currently throwing yourself around the house to the strains of Wii Fit, then you might want to check out the Wii Parental Controls page. You can even restrict the content that appears in the browser, which I must admit I had no clue you could do.

* Playstation is a bit of a pain in the butt, because if you go to their FAQ page it dumps you into some horrible mess of frames and it's impossible to link to anything. This article on USA Today seems to be accurate though, and covers settings for both PS3 and PSP which is a handy addition. The article dates back to 2006, but as far as I'm aware the information is still correct.

Now if you'll excuse me, it's time to go conquer some alien scum...

Mid-Week Spywareguide Roundup [Vitalsecurity.org - A Revolution is the Solution]

Posted: 02 Jul 2008 12:40 PM CDT

Not many posts here at the moment, because I'm finishing off a couple of possible conference talky-thing submissions. Plus, I haven't been able to log into my blog account, Haloscan comments are goosed (again) and I'm still finishing off that last Postbag.

However, no such problems over at Spywareguide with a veritable blog rampage. Let's do this thing:

* Bizarre Forum Spam and An Old Classic: Two for the price of one, first some weird spam and second, ye olde email scamme. Not very inventive, really.

* Credit Card Hack Pack: What's that? People like faking cc dets online? Oh. Better not let them get their hands on this, then.

* The Time, The Place: I think this has the potential to be a gigantic social network disaster. How about you?

* My Name....is......Neo! : Nothing to do with the films, but click here and read about some crummy infection from China, all the while pretending to punch people in the face and hang out with chicks in rubber dominatrix gear.

* Fast Track to Botnet Central: My colleague writes about a Botnet thing he found. Clicky.

* The Angry Spamtool: What a charming and delightful name this tool has.

* Social Networking - When it all goes horribly wrong: I couldn't make a direct link to the PCWorld article for some reason, so go here to get to it. Apologies. Blame Blogger, it sucks.

* Your 419 Mail Roundup: Scam emails! Yay!

Now if you'll excuse me, I have to gimp around with Powerpoint and complain about Blogger some more.

NAC vendors loading up fuel in the tank [StillSecure, After All These Years]

Posted: 02 Jul 2008 12:09 PM CDT

First it was Bradford Networks announcing they had raised another 8 million dollars in venture funding to help them break out beyond the edu market. Now comes word that Forescout has raised a like amount of additional capital. This was based upon an 80% growth rate for Forescout. This is well below the numbers I have seen Ray, Ken and Gordon throw about in interviews and at presentations. I guess you can spin all you want about how many customers you have or have won, but when it comes to raising cash, you can't play as fast and loose as you do in your marketing.

Also this is a series E round for Forescout and brings their total raise to 44 million dollars.  That makes for a tough number to make work.  They need to roll some hard ways to make that bet pay off.  I was led to understand they just raised 6 million last September.  That makes 14 million in a little under a year.  Can you spell big B-U-R-N. 

The thing about both of these raises is that in the present market, just like the gas you put in your own tank, the gas these NAC vendors are putting in their tank is I am sure quite expensive!

Critical Vulnerability: VLC Media Player [Infosecurity.US]

Posted: 02 Jul 2008 11:00 AM CDT

Secunia Research has announced a highly critical vulnerability in the open source media player VLC's processing of WAV audio files (WAV Processing Integer). Currently, the only workaround is to not open WAV files from untrusted sources.

PCI-DSS references the outdated OWASP Top Ten [Jeremiah Grossman]

Posted: 02 Jul 2008 10:40 AM CDT

I'm sure other people have noticed this, at least I hope so, but never mentioned it publicly. If you read PCI-DSS 1.1 section 6.5, the part that covers "Cover prevention of common coding vulnerabilities in software development processes", you'll notice the list is identical to that of the OWASP Top Ten 2004 while the latest version is 2007:

6.5.1 Unvalidated input
6.5.2 Broken access control (for example, malicious use of user IDs)
6.5.3 Broken authentication and session management (use of account credentials and session cookies)
6.5.4 Cross-site scripting (XSS) attacks
6.5.5 Buffer overflows
6.5.6 Injection flaws (for example, structured query language (SQL) injection)
6.5.7 Improper error handling
6.5.8 Insecure storage
6.5.9 Denial of service
6.5.10 Insecure configuration management

I guess technically speaking anything that's in v2007 and not v2004 you don't have to worry about. That means you still have to code against Buffer Overflows and Application DoS, but not Malicious File Execution, Insecure Direct Object Reference, and Cross Site Request Forgery (CSRF). Ahh, fun fun. Gotta love compliance. :)

RSA Conference 2008 Feedback [RSA Conference - Blog]

Posted: 02 Jul 2008 10:39 AM CDT

Pay-It-Forward: I'm collecting donations for my Kiva Micro-loans Security Pro Funding Pool... [Rational Survivability]

Posted: 02 Jul 2008 10:34 AM CDT

"...everyone who wants to make a difference should just go ahead and get their own foreign policy and stop waiting on change from above."-- Thomas Barnett

Inspired by my friend Gunnar Peterson, I've committed to begin funding Kiva Micro-loans in the next 30 days with a goal to fund up to $1,000 by year end.

What does Kiva do and what is a micro-loan?

Kiva is focused on serving the working poor

Kiva's mission is to connect people through lending for the sake of alleviating poverty.

Kiva is the world's first person-to-person micro-lending website, empowering individuals to lend directly to unique entrepreneurs in the developing world. The people you see on Kiva's site are real individuals in need of funding - not marketing material.

When you browse entrepreneurs' profiles on the site, choose someone to lend to, and then make a loan, you are helping a real person make great strides towards economic independence and improve life for themselves, their family, and their community. Throughout the course of the loan (usually 6-12 months), you can receive email journal updates and track repayments. Then, when you get your loan money back, you can relend to someone else in need.

Here's a snippet from Gunnar's posting which describes his experience with Kiva:

About a year ago, we signed up for Kiva, which is a microlender. One of our first loans went to Sith Saron, who lives in Siem Reap Province in Cambodia. She needed $1,000 for a cow, seeds, and a motorcycle for her farm.

Sith Saron is 37 years old and the mother of 7 children. She sells Khmer traditional cakes such as Num Korm, Num Bot, and Num Krouk to the people in her community and usually earns up to $4 each day. Her husband, meanwhile, works in his rice paddy growing crops as well as several kinds of vegetables. Two of her children are employed at a hotel, but the others are students.

The loan had an 18-month payback date, and just a couple of weeks ago (about 10 months after taking out the loan), she paid the loan in full.

If you are interested in helping me -- and thus others -- with contributing to the micro-loan movement, either sign-up to donate directly yourself, or feel free to donate via gift certificate to my pool and we can make an even bigger difference!

If you want to send a Kiva certificate, you can do so through the PayPal-enabled link above and use my email addy as the target recipient: choff [@] packetfilter.com

At my birthday BBQ bash this weekend, in lieu of gifts I've asked for folks to donate to my pool for this year to fund multiple loans.

My family of three young girls and my lovely wife are all very excited about being able to participate in this process both domestically and internationally. 

In fact, all three of my kids are invested in giving up material goods and gifts in exchange for donations to Kiva.  How cool is that? 

Thanks to Gunnar again for the motivation and Thomas Barnett for his inspiring words.

/Hoff

Update: Within 3 minutes of posting this, my bud Zach already donated!  Fantastic!


Web Application Security Today - Are We All Insane? [Jeremiah Grossman]

Posted: 02 Jul 2008 10:12 AM CDT

CSO magazine was kind enough to publish an opinion piece where I present a top-down view of the current state of web application security. I nervously expect a "spirited" flow of blog comments because it questions the value of certain best-practices and deeply held personal philosophies. Fortunately though our general public discourse has advanced a great deal recently and the community at large is a lot more informed of the challenges at hand. I pulled out a snippet to give a feel.

"It is unreasonable to expect publishers, enterprises and other site owners to restart and reprogram every website securely from scratch. Nor can we fix the hundreds of thousands (maybe millions) of custom Web application vulnerabilities one line at time. The very thought sounds insane to me. It would take too long (probably never finish), cost far too much (billions per year), and the bad guys are already ahead of us. Conservative estimates put the total annual IT security spend in the US at $50 billion and e-crime losses at $100 billion. We're losing two dollars for every dollar spent."

Enjoy!

The many faces of NAC [StillSecure, After All These Years]

Posted: 02 Jul 2008 09:55 AM CDT

For a long time I have been writing and speaking about the many ways that NAC can help with securing your endpoints and your network. Yesterday, Tim Greene lays out some good reasons for NAC and the many ways it can help.  However, he couches it in terms of NAC as a personal firewall.  I am not sure I agree with that one at all.  Personal firewalls are usually thought of as host based security on the endpoint.  While NAC certainly has an aspect of that, NAC is inherently about networks as well.

I am reminded by this article of Senforce. They had one of the best personal firewalls in the market and were often called a NAC solution. But when you spoke to Nolan Rosen and the folks at Senforce, they would tell you that they were not a NAC solution, but needed a network based NAC component to complement their product. That was the basis of a partnership we had with them. In any event, I think we are seeing NAC used for a variety of uses and we will continue to see it evolve in the market.
