Posted: 11 Nov 2008 04:30 AM CST
One of the most prolific contributors to the Security Bloggers Network is the BelSec blog of the Belgian Security Bloggers Network. The folks from BelSec contacted me about a year ago and asked if they could join the famous SBN. I was flattered that they thought the SBN was famous and after checking out the sites sent them an invite.
Well over the last year the BelSec crew have certainly proven themselves as great members of the SBN and a valuable resource to the security community. Tomorrow (today for those in Europe) they celebrate their one year birthday. The crew at BelSec has a lot of activities planned throughout the day. Stop over, see for yourself and enjoy.
Happy birthday BelSec and many more. Keep up the good work!
Posted: 11 Nov 2008 02:42 AM CST
Several years ago, I was at a friend’s house and we were using his Amiga. Hard disks were not that common in those years, and we were loading programs from 3½-inch diskettes.
Some time after, I was with another friend who also owned an Amiga. He had a floppy disk with a program he liked quite a lot, but when we tried to boot it, we faced a read/write error.
I was amazed at that because these guys were smart, although just not computer-savvy. But then I discovered they both used to hang around with the son of the owner of a local computer shop, a warez kiddie. Culprit found.
Posted: 11 Nov 2008 12:00 AM CST
Posted: 10 Nov 2008 11:02 PM CST
Posted: 10 Nov 2008 08:48 PM CST
We currently have 3 Information Security positions open at MIT Lincoln Laboratory. The first position is Information Technology Security Team Lead. It is position #914 on the Employment page. Rather than re-hashing all the details you can read about it there. The other 2 positions do not have job postings up yet. We need 2 IDS / IPS analysts full time. Details of the positions should be posted soon.
All 3 positions are in Lexington, MA and will require the candidates to be able to obtain at least a SECRET level security clearance. If you or anybody you know may be interested please contact me at: chris.harrington AT ll.mit.edu
Posted: 10 Nov 2008 06:35 PM CST
As we all know, blogs are a bit "stateless" and a lot of good content gets lost since many people, sadly, only pay attention to what they see today. These monthly round-ups are an attempt to remind people of useful content from the past month!
So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.
See you in November.
Possibly related posts / past monthly popular blog round-ups:
Posted: 10 Nov 2008 03:42 PM CST
So Chris Hoff thinks he might have come across the perfect solution to his vexing cloud/virtual security issues. A comment from Greg Ness over at Infoblox fired up a synapse in the Hoff's brain and he recalled that the TCG/TNC's IF-MAP protocol could really help with the whole cloud/virtual conundrum. Chris wants to know how many vendors outside of the NAC space are actually supporting IF-MAP.
So while I don't stay as close to the goings-on at the TCG/TNC as I would like to, let me venture a guess. I think very few vendors are actually supporting it and have implemented it. In fact it is not just non-NAC vendors, it is NAC vendors as well. Other than Juniper, I am not aware of another NAC vendor who actually supports MAP yet. Not because we don't want to; it is just not important enough. I was also very jazzed about it last year at Interop. Customers have not demanded it. So no one has the cycles to spend on it. Yes, Infoblox would make the comment on your blog. I think they are the people who originally came up with the idea and pushed it through the TCG with their own server as the storage container. Beyond that I thought ArcSight was behind it, but don't know how far they have gone either.
Chris, unfortunately, like the TCG/TNC NAC standard itself, without more customers demanding it IF-MAP remains in the nice-to-have category instead of the must-have category. So in your lingo, there are many more haznots than there are haz's, and it will probably stay that way.
Posted: 10 Nov 2008 03:17 PM CST
Time for more pain. I like this one. It'll be different than the last few, and might involve a bit of a brain stretch for those not familiar with exploit techniques that differ from the norm. It'll hurt. There's a bit of basic reversing, but that's not the problem. Win2k please. AWBO5 "This is very important" --Olney "If I were your husband I would take it." -- Winston Churchill, hon VRT
Posted: 10 Nov 2008 01:46 PM CST
Well our economic news week was off to a rockin' start today. First came word that Circuit City was filing for Chapter 11. Well at least there should be some good liquidation deals on TVs and stuff in time for the holidays. While supplies last that is. They had previously announced they were closing 155 stores and their stock was on the verge of being de-listed, so this should not be a surprise.
Next came word that DHL, which is actually owned by a German firm, is basically abandoning the US domestic market and will just service international deliveries from and to the US. This will involve the loss of about 9,000 jobs, most of them in Ohio. Just what that area needed. DHL was always a distant third to Big Brown UPS and FedEx. Still, more tough news, more jobs lost, more bad news.
This comes on top of some pretty grim news from the US automotive industry and giving our favorite insurance company, AIG another multi-billion dollar bailout. I don't agree with people who say that all of this bad news will not have a chilling effect on IT in general and security in particular. Just as a rising tide lifts all boats, an outgoing tide makes them all lower as well.
Posted: 10 Nov 2008 01:02 PM CST
Posted: 10 Nov 2008 12:43 PM CST
Express Scripts (Nasdaq: ESRX), one of the largest pharmacy benefit management companies in North America, announced last week that it has received a letter from an unknown person or persons trying to extort money from the company by threatening to expose millions of the company's patients' records.
The letter included personal information of 75 members, including their names, dates of birth, social security numbers, and in some cases, their prescription information. The company said it has notified the affected members. It also immediately notified the FBI, which is investigating the crime. The company also said that it is conducting its own investigation with the help of outside experts in data security and computer forensics. The letter arrived in early October. (Read the full press release here)
While we do not know all the details about what happened at Express Scripts (it is unclear if this was an external hack or a case of an insider taking some data), it looks like extortion schemes based on illegally obtained data are becoming increasingly common these days.
Posted: 10 Nov 2008 09:44 AM CST
THUS is a part of Cable and Wireless that operates in the UK. It is also a victim of phishing, or at the least brand impersonation.
Posted: 10 Nov 2008 08:52 AM CST
http://www.engadget.com/2008/11/10/internet-addiction-defined-in-china-entire-engadget-staff-now-o/ Is a “dependency” the same as an “addiction”? Many businesses and business processes, to say nothing of Government, are now _dependent_ on the Internet. It’s a key part of our economy, not just our lifestyle. The world could possibly give up cell-phones but I doubt it could give up the ‘Net and continue without [...]
Posted: 10 Nov 2008 08:30 AM CST
OK, for you people still running out to Joe’s Ol’ Computer Shoppe to get spare parts for your old 386’s and licenses for your Windows 3.11 machines running a peer-to-peer network, you are screwed. Microsoft stopped issuing licenses for Windows 3.x on Nov 1.
Sorry. Time to upgrade to Windows 95. BTW, you may want to move to a 486 DX66 or something speedy like that. And get AT LEAST 4 megs of RAM while you are at it. And upgrade to VGA! I might still have a VESA Local Bus card laying around with 1 meg of video RAM! I’ll sell it cheap!
Posted: 10 Nov 2008 07:14 AM CST
Posted: 10 Nov 2008 06:53 AM CST
http://www.dailytimes.com.pk/default.asp?page=2008\117\story_7-11-2008_pg1_8 Only in Pakistan? Shame! The penalty is limited to an offence that 'causes death of any person', according to the ordinance that will be considered effective from September 29. And, thinking of the “for want of a nail” poem, how indirect does this causality have to be? OK, I can see zapping someone’s pacemaker, but how about [...]
Posted: 09 Nov 2008 09:05 PM CST
Even if you have been to ShmooCon, something that eludes most con-goers is the Hack or Halo contest. Most of the time you will see its organizers at a table near the registration desk getting people signed up. What you may not know is how the whole thing goes down. It’s after hours, so you aren’t missing the great content during the day, and it might save you a few dollars you would otherwise spend at the bar. But the primary purpose of Hack or Halo isn’t to put money back in your pocket (and yes, it’s free). The primary purpose is to get your game on, be it gaming or hacking. Actually Chris Compton spells out what goes down really well on the Hack or Halo blog in his post called “In The Beginning”.
Now that we got it all straight. See you there.
P.S. The picture on the right is @KymPossible from the Hack or Halo squad. For most geeks out there, she will be reason enough to sign up. And yes, I may die tomorrow for posting this.
Posted: 09 Nov 2008 08:08 AM CST
It’s reported that the China-based anti-virus vendor Rising damaged users' Outlook Express. The incident was first reported on Nov. 7. Rising's anti-virus software, Kaka, was found to flag the Outlook Express folders as virus files and delete them. Rising has apologized to its users for this wrong operation and promised to correct it and help users recover their [...]
Posted: 08 Nov 2008 02:45 AM CST
Odd Title... but it's 3:30am.
The first thing I wanted to mention was KiTTY ( via /dev/random). It's a fork of PuTTY, which is nice given PuTTY is on a rather slow development cycle, and new features are almost non-existent. Some of the features include folders within the saved sessions box (although, not implemented as "friendly" as they could be), transparency (this didn't work for me), login scripts (also didn't work for me) and integrated scp support. The features list is actually quite a bit longer than that, feel free to read it on the KiTTY website. As mentioned, a number of the features didn't work for me. I'm going to give it a try on a second computer before I rule it out, but I wanted to mention it now. A second bad experience would most likely lead to me never using it or mentioning it here, and it may work wonderfully for others.
The second thing I wanted to mention is that Komodo Edit 5.0 (the free version of Komodo IDE) is now available. Some of the biggest things are limited to Komodo IDE unfortunately, such as source code checkout capabilities and the ability to "beautify" your code. It does provide some UI clean-up and an update to Firefox 3.0 in the Edit version though.
Posted: 07 Nov 2008 08:01 PM CST
Posted: 07 Nov 2008 02:54 PM CST
Many of you know who operat0r is, Darren in particular since operat0r pulled a magic trick on Darren’s ACER ONE that turned it from brick to badass in less than 5 minutes. But what some of you may not know is that ol’ McCurdy (operat0r) has some other awesome side projects that run the same course as my style of apps. PORTABLE. But these aren’t the standard portable apps that I find on the net. Well... let me just get to the list. Oh and I’m not linking directly to the projects because the download links change as he updates the tools.
You can find all of these awesome McGoodies at operat0r’s site: http://rmccurdy.com/
Posted: 07 Nov 2008 01:42 PM CST
Way back when, car phones were the new in thing. Then came cell phones (they could actually fit into your pocket!). After cell phones came smartphones. The first gen versions of smartphones were bulky, slow and black and white — Gross. Today we have iPhones, Blackberrys, Windows Mobile and Android phones (to name a few) that can do so much more than their older brothers and sisters from only a few years ago.
One of the biggest things to enter the cell phone market was GPS and aGPS. Both of these services provide the ability for the phone, service and people to know exactly where they are in real time. Scary, huh?
While location-based technology can be freaky, it can also be a huge help to your everyday activities. I leave GPS turned off and use cell tower-based location (where your phone can approximate where you are based on towers around you) to find restaurants and mechanics. But there is so much more that can be done with location.
Since I’ve been testing out the G1 from HTC, I’ve found an amazing application called Locale in the Android Market. This program lets me change almost every setting on the phone based on where I am. No location information is sent to any outside service, so I have no fear of people tracking me.
It automatically turns on vibrate mode when I’m at work and turns the phone up louder when I’m out running (Hey, I run sometimes). For power-saving, I have the phone set to leave wifi turned off unless I’m at a place that I know has it available like National Mechanics or IndyHall. This means that I get faster web browsing without touching the configuration of the phone.
This is a location-based application that I believe that everyone could sink their teeth into. It doesn’t share where I am, it doesn’t interrupt me while I’m in a meeting and it provides a service to me that I otherwise would have had to work for — Changing my own ring volume? No way!
What do you think are some other great uses of location-based services or applications? Restaurant reviews? Movie listings? Why would you use them in the first place?
Posted: 07 Nov 2008 12:22 PM CST
I’ve had the G1 now for a little over 1 week and I believe I’ve decided it will be my new phone. I love so much about it and dislike only a few things. One of the great pluses to having Android on the phone (instead of an iPhone) is that the OS is open source and applications can be made and distributed from anywhere (not just the market).
I’ve decided to give you a recap of the top 5 (the greatest) and bottom 5 (the not-so-great and/or strange apps) third-party apps that I’ve found for the G1. This list does not include applications like Gmail, integrated Google Talk with contacts and Google Maps with the amazing compass view.
Top 5 -
Bottom 5 -
Those are some of my top and bottom picks. What are some that you’ve seen that I should add into my application reserve pool? With a 16 GB card, I can add every app from the market and still not be anywhere near full!
Posted: 07 Nov 2008 09:47 AM CST
Ok, it’s not to you, but it is to a good cause. Here is their blurb:
Hackers for Charity helps non-malicious hackers gain valuable job experience by putting them to work on projects for charity. They also build computer classrooms to help children and adults break the cycle of poverty through empowerment training, and feed children with funds raised by sales of Johnny Long’s books.
So head on over and sign up. It’s free and you can feel better about yourself. Plus you can help me in my goal to make The Academy’s Director broke.
Posted: 07 Nov 2008 08:58 AM CST
I've written about the link between NAC and MSP before, and the success of NAC in the higher education market is certainly no secret. More and more of our higher ed customers have been talking lately about outsourcing their residential networks. This seems to make sense on a number of levels, provided that the schools can work out a structure for the support as well as engineering and maintenance of the residential network. Certainly, it makes sense to have NAC as an integral part of the managed resnet service, but it also has the potential to go much farther than that, including services like voice and on-demand video in addition to data. Network Vigilance, a company based in San Diego, CA, provides managed NAC services today. Another company, Apogee, based here in Austin, has managed residential services as its primary business function and seems to be making a go of it (except for the domain name, seriously..).
Despite the macro economic conditions (and perhaps because of them), I think this has real growth potential. Having what amounts to a specialized MSP provide authenticated, well-governed network access to residential halls, freeing on-campus network staff to focus more on backbone services, and providing school administrators with a predictable cost structure that can be baked into the cost of the dorm room seems to make sense for everyone. Just don't forget the "authenticated, well-governed" part.
Posted: 07 Nov 2008 04:18 AM CST
This requirement applies to Authorized IRS e-file Providers participating in Online Filing of individual income tax returns that collect taxpayer information via the Internet. These Providers shall possess a valid and current Extended Validation Secure Socket Layer (SSL) certificate using SSL 3.0 / TLS 1.0 or later, and minimum 1024-bit RSA / 128-bit AES.
This passage refers to the service that may be offered by sites whereby you can file your taxes directly online from your own computer. The e-file program offers free filing to individual taxpayers with household income under a certain threshold ($54,000 in 2007) and for-fee filing to any individual. (It also offers filing services to businesses and the self-employed, but those groups are outside this requirement, at least for 2009.) You may recall that online tax scams, including phishing attacks, have run rampant during the past two tax seasons. I believe that's what motivates this decision by the IRS, which seeks to offer e-filing to the populace in a widespread and egalitarian way while minimizing the individual's risk of identity theft.
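The requirement quoted above sets three measurable floors (protocol version, RSA key size, symmetric cipher strength) plus an EV certificate. The following is an added example of how a provider or auditor could check an observed handshake against those floors; it is not IRS text or any e-file provider's code, and the function and field names are this example's own. It uses only the Python standard library, which exposes the negotiated protocol and cipher but not the server's RSA key size or the certificatePolicies extension that marks EV, so those two values are taken from a certificate dump (for instance `openssl x509 -text`) and are reported as unchecked when absent rather than silently passed. Note also that the 2008 floors (SSL 3.0, 1024-bit RSA) are far below what a current deployment should accept, and a modern `ssl` default context will not negotiate below TLS 1.2 at all, so a server stuck on older versions surfaces as a handshake error rather than as a low version number.

```python
"""Check an observed TLS handshake against the IRS e-file minimums quoted
above: SSL 3.0 / TLS 1.0 or later, >= 1024-bit RSA, >= 128-bit AES, EV cert.

Added example, not IRS text or any provider's code; names are this example's own.
"""
import socket
import ssl

# Protocol names exactly as returned by ssl.SSLSocket.version(), weakest first.
# Anything not listed (for example "SSLv2") fails the protocol check.
PROTOCOL_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
MIN_PROTOCOL = "SSLv3"      # the requirement's floor, not a recommendation
MIN_RSA_BITS = 1024
MIN_CIPHER_BITS = 128


def evaluate(version, cipher_name, cipher_bits, rsa_bits, has_ev_policy):
    """Return a list of failure strings; an empty list means the floors are met.

    rsa_bits and has_ev_policy may be None when they were not observed. They
    are then reported as unchecked, because "not seen" must never count as "passed".
    """
    failures = []
    rank = PROTOCOL_RANK.get(version)
    if rank is None or rank < PROTOCOL_RANK[MIN_PROTOCOL]:
        failures.append(f"protocol {version!r} is below {MIN_PROTOCOL}")
    # cipher_bits is the "secret bits" value from ssl.SSLSocket.cipher().
    if "AES" not in cipher_name.upper() or cipher_bits < MIN_CIPHER_BITS:
        failures.append(f"cipher {cipher_name} ({cipher_bits} bits) is not AES-{MIN_CIPHER_BITS}+")
    if rsa_bits is None:
        failures.append("RSA key size not checked")
    elif rsa_bits < MIN_RSA_BITS:
        failures.append(f"RSA key is {rsa_bits} bits, minimum {MIN_RSA_BITS}")
    if has_ev_policy is None:
        failures.append("EV policy OID not checked")
    elif not has_ev_policy:
        failures.append("certificate carries no EV policy")
    return failures


def probe(host, port=443, timeout=10):
    """Live handshake with the standard library, returning what it can observe.

    ssl.getpeercert() gives subject, issuer and validity but not the key size
    or the certificatePolicies extension, so rsa_bits and has_ev_policy come
    back as None; fill them from `openssl x509 -text` before calling evaluate().
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, _protocol, bits = tls.cipher()
            return {"version": tls.version(), "cipher_name": name,
                    "cipher_bits": bits, "rsa_bits": None, "has_ev_policy": None}


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: irs_tls_check.py <hostname>")
    seen = probe(sys.argv[1])
    print(seen)
    for line in evaluate(**seen):
        print("FAIL:", line)
```

Run it as `python irs_tls_check.py provider.example` and expect at least the two "not checked" lines until the RSA size and EV policy are filled in from the certificate itself; a result with an empty failure list is the only passing outcome.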
You are subscribed to email updates from Security Bloggers Network.