Archive for July, 2006
PayPal email scams

I get these PayPal email scams ALL the time. It is really just one of so many phishing scams that put up mock versions of legitimate financial services and institutions such as Wells Fargo, Western Union, Bank of America and others in order to trick some of their customers into giving up usernames, passwords and account information.

Notice that the URL address bar goes to IP: 202.181.96.33

This IP goes to somewhere in Australia and not PayPal. NEVER go to these mock sites and give your information. If you think something may be wrong with your account after receiving an email, make sure you open a NEW BROWSER and type the URL in yourself.

Complex Ransomware Outsmarting the Anti Virus Industry

Heard about this tactic at the last ISSA-COS meeting:

The first piece of ransomware to use a sophisticated encryption algorithm, Gpcode.ac, was detected in January 2006 and used the RSA algorithm to create a 56-bit key. Since then, the author of Gpcode has released several increasingly complex variants of the virus and in June released Gpcode.ag, which used a 660-bit key.


Gizmo Site Defaced by Anti Israeli Hackers

Front Page shows: “eno7 ownz your box”
“Lebanon-israel…STOP!”

What is this? Hackers for peace? Hacktivism lives on.


Secure messenger to guard against totalitarian governments

This looks very cool. With first world governments becoming more intrusive on their citizens, this seems like an interesting tool.

“Hacktivismo, a division of Cult of the Dead Cow, unveiled their latest application, ScatterChat, this week at the sixth HOPE conference.

ScatterChat is a secure instant messaging program which supports all major chat networks, second generation onion routing for anonymization, as well as end-to-end encryption for both chat and file transfers.”


The Internet Is Your Next Hard Drive

“New Web-based services don’t just store your data online — they keep it synchronized across your laptop, desktop, and mobile phone.” — digg

Every year I find myself dependent on more and more geographically separated systems and devices, so I totally agree with the article. My question is, won’t this eventually turn into a major privacy/security issue? For privacy, I imagine that governments around the world (particularly the more capitalistic, democratic ones) will find a way to data mine the data on Internet hosts. In the U.S., the law is already set up to make this happen (USA PATRIOT Act).
Security is a no-brainer. Having massive centralized locations for data could expose personal data to disgruntled workers that have (had) access to those data silos.

I imagine the best thing to do is maintain a small footprint and a low profile by keeping the data on your own Internet accessible servers. Of course the drawback is the time and possibly extra money it would take to do it right. Everything has a price.


Cisco to be under scrutiny again at Black Hat

“Cisco Systems Inc.’s products will again come under scrutiny at this year’s Black Hat USA 2006 conference, which kicks off later this month in Las Vegas. Conference organizers say that 15 new exploits will be discussed at this year’s event and that two of them target NAC (Network Admission Control).”

Now if Cisco had any understanding of the importance of transparency with the technical community in this age of free information, they would break this news themselves and have solutions and mitigations to fix it. Instead they are too worried about the bottom line (the shareholders), which will take a hit anyway once the media gets a hold of it.

Mr. John Chambers, despite the security issues you’ve got great products, but get a clue about how to deal with these problems.


Security Forums Directory

Easily locate forums and newsgroups related to security. Why isn’t elamb.org on there? Oh, well.


Security Geek Fired By Suits: For Doing His Job?

“A security geek is fired by executive management after the company is broken into by thieves and loses nearly $100k in equipment. The security geek had previously recommended safety measures that would have prevented this, but they were shot down by those same executives! Who should have been fired in this story?”

Looks like they used this security guy as a scapegoat to protect their own asses. Doesn’t documentation mean anything?! Ultimately, it is that company that will suffer from keeping incompetent and untrustworthy people (if that is the case).


Why Subdomain Hosting is Bad

“A quick look at why offering non-reseller subdomain hosting is a bad idea and can expose your passwords to malicious hostees.”

I’m glad I stumbled across this. I was going to host on WordPress Mu, but now I think I’ll stick with Blogware until I can lock down WPMU. WordPress is a superior product (more intuitive, better SEO design, etc.), but WPMU is just too new. I don’t feel comfortable having a bunch of customers on such a shaky, new system. I will likely host my own set of blogs on it until all the major bugs are worked out.


Intricate Steps of How to Hack Into a Computer

Here is a huge map that pretty much shows you all possible ways to gain entrance into a system, from finding exploits and scanning ports to password cracking. It shows all the likely paths you can take to hack into a computer and/or test out its security.
