Who's Online
There are currently, 33 guest(s) and 2 member(s) that are online.
You are Anonymous user. You can register for free by clicking here
|  |
Under worm attack, US Army bans USB drives
Posted by cdupuis on Thursday, 20 November 2008 @ 19:13:28 EST (277 reads)
Topic In the News
Zero Day
Ryan Naraine, Dancho Danchev & Adam O'Donnell
November 20th, 2008
Posted by Ryan Naraine @ 10:34 am
Under sustained attack from what is described as a rapidly spreading network worm, the U.S. army has banned the use of USB sticks, CDs, flash media cards, and all other removable data storage devices, according to internal e-mail messages seen by Wired’s Noah Shachtman.
According to the article, service members have been ordered to “cease usage of all USB storage media until the USB devices are properly scanned and determined to be free of malware.” Eventually, some government-approved drives will be allowed back under certain “mission-critical,” but unclassified, circumstances.
“Personally owned or non-authorized devices” are “prohibited” from here on out, according to the e-mails.
The USB device ban was handed down by the commander of U.S. Strategic Command and includes everything from external hard drives to “floppy disks. It takes effect immediately.
To make sure troops and military civilians are observing the suspension, government security teams “will be conducting daily scans and running custom scripts on NIPRNET and SIPRNET to ensure the commercial malware has not been introduced,” an e-mail says.
“Any discovery of malware will result in the opening of a security incident report and will be referred to the appropriate security officer for action.”
The threat from malware that spreads via removable media has been on a steady rise with some estimates showing a 10 percent increase in detections this year.
Original story at: http://blogs.zdnet.com/security/?p=2206&tag=nl.e589
GFI LANguard version 9.0 has been released
Posted by cdupuis on Thursday, 20 November 2008 @ 14:37:06 EST (240 reads)
Topic In the News
GFI LANguard version 9.0 (build 20081118) has been released and is available for download.
New Features in GFI LANguard 9.0:
- New UI enabling users to better understand and access product capabilities:
- Scan the network to perform vulnerability assessment and retrieve relevant security information.
- Analyze the results and generate reports.
- Remediate the security issues that were detected.
- New & improved remediation options:
- Uninstall un-authorized software.
- Open remote desktop connections on scanned computers.
- Auto-remediation can be configured at the end of scheduled scans:
- Automatic deployment of missing Microsoft Security updates.
- Automatic uninstall of un-authorized applications.
- Hardware audit – retrieval of information about: memory, processors, display adapters, storage devices, motherboard, printers, etc.
- Improved reporting – executive reports are available now directly from within the application (if Reports Pack is installed on the same computer)
- Improved user experience with scans in progress:
- Estimation of the time remaining for the scan to complete.
- Centralization of all errors encountered during a scan so that users will instantly see on which machines the scan failed and why.
- Virtual machines detection (VMware and Virtual PC supported)
Limitations:
- Upgrade from BETA version is not supported
Download Locations:
GFI LANguard 9.0: http://software.gfi.com/languard9.exe
GFI LANguard 9.0 ReportPack: http://software.gfi.com/languard9rp.exe
( | Score: 0)
Video from DEFCON 16!
Posted by cdupuis on Tuesday, 04 November 2008 @ 20:02:55 EST (444 reads)
Topic In the News
Turkish hacker arrested by FBI made video giving tips for installing ATM skimmer
Posted by cdupuis on Thursday, 30 October 2008 @ 12:52:40 EDT (365 reads)
Topic In the News
Lou writes "As reported by Paul Fisher in SC Magazine, October 2008
A Turkish hacker known as “Chao” and arrested as part of the FBI operation against underground forum DarkMarket produced his own training videos, researchers revealed this week at the RSA Europe conference in London.
RSA Consumer Solutions Head of New Technologies Uri Rivner said the hacker was behind the manufacture of hundreds of ATM skimming devices made from readily available parts, including switches from IKEA, and sold online.
But it the video that set Chao apart and which surprised the authorities when they saw it. Surprisingly well made and even funny, it is full of tips for criminals on the best way to use a skimming device. Among the tips spoken in broken English on the video are:
Don't install a skimmer in the morning, because people are more vigilant; don't install skimmers in towns with fewer than 15,000 people, because people in those towns would notice changes to their local ATMs; avoid areas with small shops open 24 hours a day and don't set up in areas where a lot of illegal immigrants live.
To watch the video and read the article:
http://www.scmagazineus.com/Turkish-hacker-arrested-by-FBI-made-video-giving-tips-for-installing-ATM-skimmers/article/120035/?DCMP=EMC-SCUS_Newswire
To see some great videos of Skimmers in action, visit:
http://www.professionalsecuritytesters.org/modules.php?name=Flash_Player&op=fp_categ&id=12 "
Uninformed is pleased to announce the release of its 10th volume
Posted by cdupuis on Tuesday, 28 October 2008 @ 01:00:00 EDT (359 reads)
Topic In the News
Uninformed is pleased to announce the release of its 10th volume which is composed of 4 articles:
Engineering in Reverse
- Can you find me now? Unlocking the Verizon Wireless xv6800 (HTC Titan) GPS, Author: Skywing
- Using dual-mappings to evade automated unpackers Author: skape
Exploitation Technology
- Analyzing local privilege escalations in win32k Author: mxatone
- Exploiting Tomorrow's Internet Today: Penetration testing with IPv6 Author: H D Moore
This volume of the journal can be found at: http://www.uninformed.org/?v=10
About Uninformed:
Uninformed is a non-commercial technical outlet for research in areas pertaining to security technologies, reverse engineering, and lowlevel programming. The journal is published roughly three times a year and
welcomes creative submissions from anyone who is interested in sharing knowledge.
- The Uninformed Staff
staff [at] uninformed.org
Using Ebay for Hacking -- Part 2
Posted by cdupuis on Wednesday, 01 October 2008 @ 19:38:39 EDT (661 reads)
Topic In the News
NOTE FROM CLEMENT:
The saga continues....
A few days ago it was VPN devices that were not sanitized, now it is a Digital Camera with some sensitive information that was sold on Ebay. Stupidity like this is nothing new, there was some neat research done on used hard drives a few years ago and they were not sanitized either. I think the portion of the CEH and the CISSP class that talks about physical security and object reuse just received a few more real life examples this week. See the article below:
A second hand camera bought on eBay by a member of the public was found to contain top secret documents stored in the camera's memory card.
The Nikon Coolpix camera was purchased off the auction site for only £17 and contained names, scores of photos, fingerprints and academic records of well known terrorists, alongside with what appeared to be a map showing the links between Iran and active al-Qaeda cells currently in Operation in Iraq.
According to the Sun newspaper, the 28-year old buyer from Hemel Hempstead, who has been barred from talking to the media, only discovered the files when he tried to download his holiday pictures to his computer.
He voluntarily approached his local police station only to be told that it was a joke but a few days later, special branch officers visited him and took the camera away, which sources say, has been sold on Ebay by an MI6 agent.
The news could possibly mean that UK spies have been briefed on how to store secret documents in tiny memory cards that can contain up to 16GB or several hours of high quality footage (ed: shouldn't they encrypt the data though?).
It was only yesterday that we heard about the dangers of having items disposed on Ebay without proper monitoring (see Ebay Dangers : VPN Hardware Lands Kirklees Council In Big Trouble) and that the officer who left top secret documents on a train at Waterloo station could be charged soon.
You can view the list of £17 Nikon Coolpix digital cameras sold on Ebay UK during the last two weeks by clicking on this link
Using Ebay for Hacking -- Part 1
Posted by cdupuis on Wednesday, 01 October 2008 @ 19:32:22 EDT (725 reads)
Topic In the News
NOTE FROM CLEMENT:
We do get trained on remnants left of storage devices and how to sanitize them before reusing them for other purposes, however it seems the training should include sanitizing devices as well. See a great story below from the UK below, I am sure we could do just as well in the states:
A security expert discovered a VPN device bought on Ebay automatically connected to a local council's confidential servers.
Andrew Mason bought the Cisco VPN 3002 Concentrator - a device on which he has written a tutorial book - on Ebay for only 99 pence, with the intention of using it at work.
However, when he plugged it in it automatically connected him directly to Kirklees Council's central servers, circumventing security with the login details which had been carelessly left on the device.
"It instantly connected me, and I had full network access," explains Mason. "I understand the law extremely well and at that point disconnected," adds the intrusion-detection professional.
Despite contacting the council about the matter, no action was taken. "They ignored me at first," says Mason, before explaining that following coverage on the BBC website, access from the device has been shut off.
He admits that there could well be more devices out there, from which access is still possible, and exceedingly simple. "The whole selling point of the device was that it was extremely easy to configure. It's pretty horrific really," says Mason.
The council says it is "deeply concerned" by the news, but is confident that "multiple layers of security have prevented access to systems and data."
"In the meantime the disposal process has been suspended until an investigation can be carried out and appropriate action taken," says a council spokesman.
(IN)SECURE magazine issue 18 has been released
Posted by cdupuis on Friday, 26 September 2008 @ 00:02:06 EDT (848 reads)
Topic In the News
(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. Issue 18 has just been released. Download it from: http://www.insecuremag.comThe covered topics include:- Security standpoint by Sandro Gauci: Closing a can of worms - Network and information security in Europe today - Browser security: bolt it on, then build it in - Passive network security analysis with NetworkMiner - Lynis - an introduction to UNIX system auditing - Windows driver vulnerabilities: the METHOD_NEITHER odyssey - Removing software armoring from executables - Insecurities in privacy protection software - A proactive approach to data breaches - Compliance does not equal security but it's a good start - Secure web application development - Avoiding a "keys to the kingdom" attack without compromising security - The insider threat - Web application security: risky business? - Enterprise application security: how to balance the use of code reviews and web application firewalls for PCI compliance Visit the (IN)SECURE Magazine web site at: http://www.insecuremag.comSubscribe to our RSS feed at: http://feeds.feedburner.com/insecuremagazineContact: - For information on contributing to (IN)SECURE Magazine, please contact Chief Editor Mirko Zorz at editor( at )insecuremag.com - For marketing inquiries do contact Marketing Director Berislav Kucan at marketing (at) insecuremag.com
reDuh tunnel TCP over well formed HTTP creating a full TCP circuit
Posted by cdupuis on Thursday, 28 August 2008 @ 19:21:08 EDT (704 reads)
Topic In the News
Hey guys..
Our BlackHat/Defcon talk this year featured a few tools that we promised to release..
The first tool, or set of tools is reDuh which can be found [here].
reDuh is made up of 2 parts, a local proxy and a server component (which is jsp, php or asp). If you run the local proxy on your machine while pointing it to the server component, you are able to make TCP connections clean through the web-server. This comes in surprisingly helpful (and if nothing else is really cute!). You can read more about reDuh (with pretty pictures) by checking out the [reduh page] or by checking out our [Vegas slides].
[Squeeza] also had some tweaks, and now incorporates some SQL Server OLE goodness. Grab [v0.22 here], and read more about it in the [slides].
Have fun, play responsibly and please post feedback or comments here or to research@sensepost.com
Glenn
Glenn Wilkinson
SensePost
Cybercrime groups starting to operate like the Mafia
Posted by cdupuis on Thursday, 17 July 2008 @ 16:01:58 EDT (807 reads)
Topic In the News
oCERT Open Source Computer Emergency Response Team
Posted by boss on Tuesday, 06 May 2008 @ 09:53:15 EDT (1085 reads)
Topic In the News
Anonymous writes "Robert McMillan, IDG News Service
http://news.yahoo.com/s/pcworld/20080506/tc_pcworld/145508&printer=1;_ylt=AoQ9ZrUeNtSO4_0KHFsk5VoRSLMF
Google has thrown its weight behind a fledgling security reporting group for the open-source community.
The search engine giant, long a proponent of open-source software, is now one of three sponsors of oCERT, the Open Source Computer Emergency Response Team.
Launched in late March, oCERT aims to be a clearinghouse for data on security vulnerabilities in open-source products, keeping open-source distributors on top of flaws and helping small software projects
ensure that users of their code are aware of any issues.
OCERT has published four advisories since its inception. In addition to Google, it is sponsored by Inverse Path and the Open Source Lab.
There are already many national CERT efforts, which coordinate countrywide responses to security threats, but oCERT hopes to meet the unique requirements of the open-source community, where software is often re-used but patches are not always circulated to everyone who needs them.
"It is my hope that this initiative will not only aid in remediating security issues in a timely fashion, but also provide a means for additional security contributions to the open source community," wrote Google's Will Drewry in a Monday post to the company's security blog. Visit the oCERT web site at: http://www.ocert.org/"
Issue 16 of Insecure Magazine has been released
Posted by boss on Saturday, 26 April 2008 @ 00:30:50 EDT (916 reads)
Topic In the News
Anonymous writes "(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics.
Issue 16 has just been released. Download it from: http://www.insecuremag.com
The covered topics include:
- Security policy considerations for virtual worlds
- US political elections and cybercrime
- Using packet analysis for network troubleshooting
- The effectiveness of industry certifications
- Building a secure future: lessons learned from 2007's highest profile security events
- Advanced social engineering and human exploitation, part 2
- Interview with Nitesh Dhanjani, Senior Manager at Ernst & Young
- Is your data safe? Secure your web apps
- RSA Conference 2008
- Producing secure software with security enhanced software development processes
- Network event analysis with Net/FSE
- Security risks for mobile computing on public WLANs: hotspot registration
- Black Hat Europe 2008 Briefings & Training
- A Japanese perspective on Software Configuration Management
- Windows log forensics: did you cover your tracks?
- Traditional vs. non-tranditional database auditing
- Payment card data: know your defense options
Visit the (IN)SECURE Magazine web site at: http://www.insecuremag.com
Subscribe to our RSS feed at: http://feeds.feedburner.com/insecuremagazine
Thanks goes to the following companies for their support of (IN)SECURE magazine:
Qualys - http://www.qualys.com/pci_compliance/se-g
GFI - http://www.gfi.com/adentry.asp?adv=62&loc=41
Contact:
- For information on contributing to (IN)SECURE Magazine, please contact Chief Editor Mirko Zorz at editor( at )insecuremag.com
- For marketing inquiries do contact Marketing Director Berislav Kucan at marketing( at )insecuremag.com"
AIRRAID2 Wireless Hacking Tournament confirmed 27 March 2008 !
Posted by boss on Tuesday, 19 February 2008 @ 08:45:35 EST (1055 reads)
Topic In the News
Anonymous writes "As mentioned on the AIRRAID2 website (airraid2.securitystartshere.org) in Nov 07, the political elections in Thailand in December of 2007 may have postponed the tournament to this year...but now we are finally getting under way!
To our many pre-registrants,
many thanks for your patience while we were busy re-securing the event venue!
The venue booking has finally been re-secured by our Thai partner and the Tournament will now take place on the following date: 27 March 2008 CentralWorld Shopping Complex (former World Trade Center) Level 1, Eden Zone 4 Rajdamri Road, Patumwan Bangkok, Thailand
The word from our Thai partner is that the prize money they intend to sponsor is now 100,000 baht (over USD 3100 at current rates), not counting other prizes.
For more details and information on how to register/participate in the tournament, check out:
http://airraid2.securitystartshere.org
Sincerely,
ThinkSECURE
www.securitystartshere.org "
SP 800-53A DRAFT Assessing Security Controls in Federal Information Systems
Posted by boss on Wednesday, 30 January 2008 @ 08:42:51 EST (685 reads)
Topic In the News
cdupuis writes "NIST announces the release of Draft Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems.
This final public draft provides comprehensive assessment procedures for all security controls in NIST Special Publication 800-53 (as amended) and important guidance for federal agencies in building effective security assessment plans.
Comments will be accepted until January 31, 2008.
Comments should be forwarded to the Computer Security Division, Information Technology Laboratory at NIST or submitted via email to sec-cert@nist.gov .
Final publication of NIST Special Publication 800-53A is expected in March 2008.
draft-SP800-53A-fpd-sz.pdf (3,550 kB)
draft-SP800-53A-fpd-sz.zip (2,061 kB)"
SP 800-15 DRAFT Technical Guide to Information Security Testing
Posted by boss on Wednesday, 30 January 2008 @ 08:36:45 EST (689 reads)
Topic In the News
cdupuis writes "Draft SP 800-115,
Technical Guide to Information Security Testing, is available for public comment.
It seeks to assist organizations in planning and conducting technical information security testing, analyzing findings, and developing mitigation strategies.
The publication provides practical recommendations for designing, implementing, and maintaining technical information security testing processes and procedures.
SP 800-115 provides an overview of key elements of security testing, with an emphasis on technical testing techniques, the benefits and limitations of each technique, and recommendations for their use.
Draft SP 800-115 is intended to replace SP 800-42, Guideline on Network Security Testing, which was released in 2003.
Draft-SP800-115.pdf (694 KB)
Draft-SP800-115_pdf.zip (468 KB)"
|
|
Login
Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.
Big Story of Today
There isn't a Biggest Story for Today, yet.
Old Articles
| Tuesday, January 29 | | · | Uninformed Magazine 9th Volume released online |
| Friday, November 02 | | · | RFIDIOt release - version 0.1q |
| Wednesday, October 10 | | · | The CCCure Web Store is now OPEN |
| Saturday, October 06 | | · | Inguma -- A free Penetration Testing Toolkit |
| · | AIRRAID2 Wireless Hacking Tournament (Bangkok Thailand) |
| Tuesday, September 25 | | · | (IN)SECURE Magazine Issue 13 has been released |
| Tuesday, September 18 | | · | Uninformed Journal Release Announcement: Volume 8 |
| Tuesday, September 04 | | · | Turn Firefox into an ethical hacking platform |
| Friday, July 20 | | · | Can software pirates be stopped from cracking code? |
| Friday, May 18 | | · | Uninformed Journal Release Announcement: Volume 7 |
| · | Release of version 0.1m of RFIDIOt |
| Saturday, April 28 | | · | Penetration Testing Framework 0.4 released |
| Wednesday, April 04 | | · | SAP R/3 Penetration Testing Tool |
| Monday, February 26 | | · | Five Myths About Black Hats |
| Saturday, February 24 | | · | Penetration Testing Framework 0.24 released |
Older Articles
|
Manager- IT security in Canada (Canadian citizens or PR)