Daily Digs – 09.14.2009
Well, "daily" has been more like "weekly" as of late, but the digs are back.
I think this one is good on a few fronts, but mostly from a humorous perspective. Joe Lieberman and Susan Collins should stick to whatever they do best - and that doesn't include addressing "cyber crime". They're proposing a public/private partnership so that the government (really?) can help businesses defend against attacks. Didn't the FBI's website just get defaced? Unless the plan is some sort of subsidy (which I'm not endorsing at all), the government is just going to spin up more useless programs run by people who just don't get it.
[Committee Examines Growing Cyber Threat to Businesses]
[FBI Jobs Site Gets Hacked]
Unique is not random, and random is not secure. That's not quite a complete sentence, but it sums up the post on Newsoft's Tech Blog nicely: an identifier can be guaranteed unique (a counter, a timestamp) without being unpredictable, and it can look random (a seeded PRNG) without being cryptographically secure. Only the last property makes a token safe to use as a session ID or secret. For a rundown of examples of the differences among the three concepts, hit up the link.
[Unique is Not Random is Not Secure]
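To make the three tiers concrete, here is an added example (my own code, not from the Newsoft post). It issues tokens three ways and, for the first two, shows the attacker's side: the counter-based token is forged by adding one; the PRNG-based token is recovered by brute-forcing the clock-derived seed and replaying the generator. The issuer names, the `sess-` prefix and the millisecond seeds are constructed for the demo.

```python
import hashlib
import random
import secrets


# 1. Unique: a counter. It never collides, but the next value is the
#    previous one plus one, so anyone who sees a token can forge the rest.
class UniqueIssuer:
    def __init__(self, start=1000):
        self.n = start

    def issue(self):
        self.n += 1
        return f"sess-{self.n}"


def predict_next_unique(observed):
    """Attacker: forge the token issued right after `observed`."""
    return f"sess-{int(observed.split('-')[1]) + 1}"


# 2. Random-looking: a Mersenne Twister seeded from the wall clock in
#    milliseconds, hashed so each token looks like a 256-bit secret.
#    The only entropy is the seed, and the seed is guessable.
def _hash_draw(rng):
    return hashlib.sha256(rng.getrandbits(64).to_bytes(8, "big")).hexdigest()


class PrngIssuer:
    def __init__(self, seed_ms):
        # Hypothetical weak design: seed_ms would be int(time.time() * 1000).
        self.rng = random.Random(seed_ms)

    def issue(self):
        return _hash_draw(self.rng)


def recover_seed(first_token, approx_ms, window_ms=2000):
    """Attacker: brute-force the clock-derived seed within +/- window_ms of
    the observed issue time. A few thousand candidates is instantaneous."""
    for seed in range(approx_ms - window_ms, approx_ms + window_ms + 1):
        if _hash_draw(random.Random(seed)) == first_token:
            return seed
    return None


def predict_prng_tokens(seed, skip, count):
    """Attacker: replay the generator from the recovered seed, skip the
    tokens already handed out, and produce the next `count` tokens."""
    rng = random.Random(seed)
    for _ in range(skip):
        _hash_draw(rng)
    return [_hash_draw(rng) for _ in range(count)]


# 3. Secure: the OS CSPRNG. 128 bits of entropy per token and no internal
#    state an attacker can reconstruct from earlier outputs.
def secure_token():
    return secrets.token_hex(16)


if __name__ == "__main__":
    u = UniqueIssuer()
    first = u.issue()
    print("unique:", first, "-> attacker predicts", predict_next_unique(first))

    p = PrngIssuer(1252900000123)          # constructed "issue time" in ms
    t1, t2 = p.issue(), p.issue()
    seed = recover_seed(t1, 1252900001000)  # attacker's rough clock reading
    print("prng seed recovered:", seed, "next token matches:",
          predict_prng_tokens(seed, 1, 1)[0] == t2)
    print("secure:", secure_token())
```

Hashing the weak token does nothing for it: the attacker reproduces the same hash from the same guessable input. The fix is never "hash harder"; it is to draw the token from a CSPRNG in the first place.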
The Consumerist ran a story this morning with LiveLeak video of a man installing a skimmer on an ATM. I'm definitely more careful now when using portable ATMs that aren't affiliated with a bank. At one point I really didn't like ATMs that pull the card all the way into the machine, but today that design makes sense to me as the lower-risk option.
[Guy Installing Skimmer on ATM]
I can honestly say I didn't know much about 'RNS' before I read this article today, but the Feds seem to have cracked down on a few of the key members. I'm not sure why the title refers to RNS as a '0day' group, though.
[Fed Crackdown on 'RNS' Signals Death to Oldest 0Day Group Online]
Don't have the cash or time to get to one of the big-name cons? ChrisJohnRiley posted about the first online hacker con, SecurityTubeCon. The call for papers (and videos) is open until October 20th, so get your talk ready!
[First Online Hacker Conference]
That's all the time we have for comments tonight, but we'll leave you with some other links to ponder. Thanks for stopping by!
[Windows Autoplay Behavior Updated]
[Gustav, the Hackerspace Twitter Bot]
[Loan Officer Indicted for Fraud and ID Theft]
[Dradis 2.4 Released]
[PhoneCrypt is Available for the iPhone (and entirely overpriced)]
[20 Temporary / Disposable Email Services]
[Hacker's Hideaway ARP Attack Tool Released]
[SourceFire's Vulnerability Report for September Screencast]
[Practical Intrusion Analysis Book Review]
Daily Digs – 08.03.2009
Welcome to the 3rd production of Daily Digs here at Security Stallions! It's been a long weekend with a relatively active Monday. We've got a slew of links for your enjoyment, with almost-as-short-as-a-Twitter-update commentary to go along.
First of all, I'd like to say that knowledge sharing accounts for more than 80% of what I've learned in the security industry. From a quick tip-off in a Twitter blurb to an all-out full-disclosure post, you just can't beat community sources. That said, Russ McRee has a great post over on HolisticInfoSec.org about his and Mike Bailey's talk on CSRF: the attack still works because the browser attaches the victim's session cookie to any request a third-party page makes, so a device that checks only for a valid session can be driven from a malicious site. Russ mentions videos in the post but didn't link them, so I did a bit of digging and found them for you. Hit up the links for more info.
[CSRF: Yeah, it Still Works]
[Netgear CSRF Attack Video]
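An added example of the defence (my own code, not from the talk, the video, or any router firmware): a state-changing admin handler written two ways, one that trusts the session cookie alone and one that also demands a per-session synchronizer token plus an Origin/Referer check. The admin origin `http://192.168.1.1`, the `sid` cookie, the form field names and the requests in `demo()` are all constructed for the demo.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ROUTER_ORIGIN = "http://192.168.1.1"   # assumed admin-UI origin for the demo


class Session:
    """Server-side session; the CSRF token is minted once per session and
    only ever rendered into pages served from ROUTER_ORIGIN."""
    def __init__(self):
        self.csrf_token = secrets.token_urlsafe(32)


def _session_for(req, sessions):
    return sessions.get(req["cookies"].get("sid"))


def change_password_vulnerable(req, sessions, state):
    """Checks only that a valid session cookie is present. The browser adds
    that cookie to a cross-site form post automatically, so a page on
    evil.example can drive this handler with the victim's rights."""
    sess = _session_for(req, sessions)
    if sess is None:
        return 401, "login required"
    state["admin_password"] = req["form"]["new_password"]
    return 200, "password changed"


def _same_origin(req):
    # Origin is sent on cross-site POSTs by modern browsers; fall back to
    # Referer. A missing header fails closed.
    src = req["headers"].get("Origin") or req["headers"].get("Referer")
    if not src:
        return False
    want, got = urlsplit(ROUTER_ORIGIN), urlsplit(src)
    return (want.scheme, want.netloc) == (got.scheme, got.netloc)


def change_password_hardened(req, sessions, state):
    """Synchronizer token: the form must carry the secret minted for this
    session, which a third-party page cannot read (same-origin policy).
    The origin check is a second, independent layer."""
    sess = _session_for(req, sessions)
    if sess is None:
        return 401, "login required"
    if not _same_origin(req):
        return 403, "cross-origin request refused"
    supplied = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, sess.csrf_token):
        return 403, "bad or missing CSRF token"
    state["admin_password"] = req["form"]["new_password"]
    return 200, "password changed"


def demo():
    """Constructed requests: one forged by an attacker page, one that spoofs
    the origin but lacks the token, and one legitimate submission."""
    sessions = {"abc123": Session()}
    state_v = {"admin_password": "original"}
    state_h = {"admin_password": "original"}

    forged = {
        "cookies": {"sid": "abc123"},            # browser attaches it for free
        "headers": {"Origin": "http://evil.example"},
        "form": {"new_password": "pwned"},       # no token: attacker can't read it
    }
    no_token = {
        "cookies": {"sid": "abc123"},
        "headers": {"Origin": ROUTER_ORIGIN},
        "form": {"new_password": "pwned"},
    }
    legit = {
        "cookies": {"sid": "abc123"},
        "headers": {"Origin": ROUTER_ORIGIN},
        "form": {"new_password": "s3cure",
                 "csrf_token": sessions["abc123"].csrf_token},
    }
    return {
        "vulnerable_forged": change_password_vulnerable(forged, sessions, state_v),
        "hardened_forged": change_password_hardened(forged, sessions, state_h),
        "hardened_no_token": change_password_hardened(no_token, sessions, state_h),
        "hardened_legit": change_password_hardened(legit, sessions, state_h),
        "vulnerable_password": state_v["admin_password"],
        "hardened_password": state_h["admin_password"],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The token is the control that matters; the origin check is belt-and-braces. Browsers of this era often omit Referer entirely and only newer ones send Origin, so a deployment that fails closed on a missing header must be prepared for some legitimate clients to be refused, which is why the token check is never skipped in favour of the header check.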
UCSniff's authors, Jason Ostrom and Arjun Sambamoorthy, also presented at DEFCON 17 this year. The tool, previously only available via BackTrack 3, has since been released as a SourceForge project with a significantly expanded feature set. Another one for the toolbelt!
[UCSniff - UCS Attack Tool]
There's an article up on Silicon about CEOs needing to be less negligent about security. Very true, so if you like to chase the rainbow, the article can be had below.
[Optimistic CEOs Must Not Neglect IT Security]
Ryan Naraine was one of the first to break the story on ATM skimming at DEFCON this year. He goes on to tell how Chris Paget of Google was scammed out of $200 when withdrawing from his account. Note to all: get your cash from a reputable banking institution (i.e., an ATM built into the wall of the bank), in a casino, or somewhere else where the security of money transactions is tight.
[Fake ATM Skimmers Found in Las Vegas Hotels]
Do you know what Ippon means in Japanese? Well, you'd better -- it's "game over", and it's the name of a new tool for exploiting insecure automatic update mechanisms. The base attack is nothing earth-shattering (an update fetched over an unauthenticated channel can be swapped for whatever an attacker on the path chooses), but the ways the tool can "win" the game of insecure updates are pretty kick ass. Read more about it over at the following TechRepublic blog post.
[Automated Updates: May Not Be Such a Good Idea]
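An added example of what the defence looks like (my own code, not Ippon's and not any vendor's updater): a naive updater that installs whatever the network returns, beside one that verifies a signed manifest, refuses version rollback, and checks the payload hash. The product name, the URL paths and the `MitmNetwork` class are constructed. One labelled substitution: a real updater verifies an asymmetric signature (Ed25519 or RSA) with a public key pinned in the client; this block uses an HMAC with a demo key only so it runs on the standard library, and that key must never ship in a real client.

```python
import hashlib
import hmac
import json

# Demo stand-in for the vendor's signing key (see lead-in): in production
# the client holds only a pinned public key and verifies an asymmetric
# signature here.
VENDOR_KEY = b"demo-vendor-signing-key"


def _canon(manifest):
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest):
    return hmac.new(VENDOR_KEY, _canon(manifest), hashlib.sha256).hexdigest()


def verify_manifest(manifest, signature):
    return hmac.compare_digest(sign_manifest(manifest), signature)


def build_release(version, payload):
    """Vendor side: the manifest binds name, version and payload hash, and
    the signature binds the manifest."""
    manifest = {"name": "demoapp", "version": version,
                "sha256": hashlib.sha256(payload).hexdigest()}
    return manifest, sign_manifest(manifest), payload


class HonestNetwork:
    """The update server as the client sees it (constructed paths)."""
    def __init__(self, release):
        self.manifest, self.sig, self.payload = release

    def get(self, path):
        return {"/manifest.json": json.dumps(self.manifest).encode(),
                "/manifest.sig": self.sig.encode(),
                "/update.bin": self.payload}[path]


class MitmNetwork(HonestNetwork):
    """Attacker on the path (rogue AP, ARP spoof, DNS). Swaps the binary and,
    optionally, rewrites the manifest hash to match. Cannot re-sign."""
    def __init__(self, release, evil_payload, rewrite_manifest=True):
        super().__init__(release)
        self.evil = evil_payload
        self.rewrite = rewrite_manifest

    def get(self, path):
        if path == "/update.bin":
            return self.evil
        if path == "/manifest.json" and self.rewrite:
            m = dict(self.manifest)
            m["sha256"] = hashlib.sha256(self.evil).hexdigest()
            return json.dumps(m).encode()
        return super().get(path)


def update_naive(net):
    """Fetch over plain HTTP, install whatever comes back."""
    return "ok", net.get("/update.bin")


def update_verified(net, installed_version):
    """Returns ("ok", payload) or ("refused", reason)."""
    manifest = json.loads(net.get("/manifest.json"))
    sig = net.get("/manifest.sig").decode()
    if not verify_manifest(manifest, sig):
        return "refused", "manifest signature invalid"
    if manifest["name"] != "demoapp":
        return "refused", "manifest is for a different product"
    if manifest["version"] <= installed_version:
        return "refused", "rollback or replay of an older release"
    payload = net.get("/update.bin")
    if hashlib.sha256(payload).hexdigest() != manifest["sha256"]:
        return "refused", "payload hash mismatch"
    return "ok", payload


if __name__ == "__main__":
    good = build_release(2, b"legit-2.0-binary")
    evil = b"attacker-binary"
    print("naive over MITM:    ", update_naive(MitmNetwork(good, evil)))
    print("verified over MITM: ", update_verified(MitmNetwork(good, evil), 1))
    print("verified, honest:   ", update_verified(HonestNetwork(good), 1))
    print("verified, old build:", update_verified(HonestNetwork(build_release(1, b"v1")), 1))
```

Order of checks matters: the signature is verified before any field of the manifest is trusted, the version gate stops an attacker replaying a genuinely signed but vulnerable older release, and the hash is checked on the bytes actually downloaded rather than on anything the server claims about them.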
File this one under "About Damn Time": Mikko Hypponen dropped the news that Twitter has started inspecting and rejecting malicious URLs. Although the article doesn't mention it, Twitter is actually using Google's Safe Browsing API. It's a (slow) start, but at least it's a start!
[Twitter Now Filtering Malicious URLs]
There's an interesting post by Susan Brenner over at CYB3RCRIM3 on whether we should reconsider the notion that companies under attack are prohibited from investigating the attackers and trying to locate them.
[Private Cyber Investigators]
Addonics announced an inline hardware encryption solution for most any SATA I/II drive. What's great about the design is the removable cipher key, which must be present to unlock the unit, and the form factor, small enough to mount in a 3.5" drive bay. The CCM35MK1 is also NIST- and CSE-certified.
[Versatile Hardware Encryption for any Computer]
Although not directly related to security, it's big news nonetheless: VoloMedia has somehow received a patent for podcasting. Really? Who works in the patent office? Surprisingly, this hasn't been on many people's radar judging from Twitter activity today, which is slightly odd considering everyone and their brother seems to have a podcast these days!
[Company Receives Patent for Podcasting]
And tonight we'll leave you with what will, from now on, be called the grab bag: news that's worth reading but that we just didn't have time to comment on.
Tonight's grab bag links are as follows...
[Hacking Surfpoint Terminals]
[DEFCON Air Traffic Control Hack]
[High-Security Locks Defeated]
[Opensourc3 Magazine Publishes First Issue]
[PayPal Suffers Outage]
[5 Tips to Stop Staff Snooping]
As always, thanks for stopping by and comments are always welcome!
--windexh8er
