Archive for December, 2007
GMail Security Hole Allowed Malicious Hacker to Invade the Life of a Blogger

Mr. [tag]David Airey[/tag] a blogger and designer from UK had his [tag]site[/tag] Hacked by some useless bastard. This [tag]gmail[/tag] hacker set up a malicious site that exploited a security flaw in gmail to set up an email filter that autoforwarded all David’s emails to another malicious email account. Although Google has appearently fixed the problem, if you have been affected by one of these malicious webpages the filter may still be in your gmail account. David Explains how to find it and get rid of it:

MPORTANT: If you use GMail, it’s absolutely vital that you check your account settings now.

Here’s what to do:

When logged into GMail, click on the ’settings’ tab in the upper right of the screen. Then check both the ‘Filters’ and the ‘Forwarding and POP’ sections.

Get more information from David Airey.

Right now David is fighting to get his domain back legally after refusing to be manipulated by the gmail hacker.

To David,
Good on you, man! And as bad as it is, I’ve been emailed a couple of people who have lost thousands from hackers. I’ve been on the receiving end of these desperate criminals too… and like you I choose to use my blog like a gun.

read more | digg story

Big Brother Is Listening … And Listening … And Listening

“The NSA intercepts entire streams of electronic communications containing millions of telephone calls and e-mails. It runs the intercepts through very powerful computers that screen them for particular names, telephone numbers, Internet addresses, and trigger words or phrases. Any communications containing flagged information” are analyzed.

read more | digg story

Paper: disregard for customers, DMCA led to Sony CD rootkit

A new paper revisits the Sony rootkit debacle, trying to understand how Sony BMG decided to pack its CDs with two problematic forms of copy protection. Did Sony make an honest mistake or take a calculated risk?

read more | digg story

*SCAM* British National Lottery Christmas (BNL Notification) *SCAM*

*SCAM******************************************************

Attention!!!

Your email address has emerged as one of the winning email accounts in
the just
concluded [tag]British[/tag] National Lottery Christmas Draw. Prize attached is 250,000
Pounds. Draw number is #147,send your personal information as requested for
below:

Name:
Address:
Sex:
Nationality:
Country of residence:
Telephone number:
Cell phone number:

Contact him using his details below:
Name: Mr.Ashley Baker

*SCAM* Do not Send your personal information to these people *SCAM*

uCertify Software – IT Certifications

Warning: Shameless promotion of a kick ass product!!

I recently got a chance to test drive uCertify’s IT certification software. I loaded the CY0-101, Security+ PrepKit. I must say I like the software and I am thinking of getting the MCSA from them (think I only have to take two test to complete it). It features the usual breakdown of how you performed in each of the tests objectives. It also has Flash cards that allow you to type in answers to key points on the test… I don’t recall seeing that feature on other certification software.

The pricing depends on the tests you get. But its in the double digits so its a cool little investment toward a bright future. For those of you who are serious about certifications you know that the software (such as transcender – aka the software that must not be named), boot camps and training material can cost 100’s or even 1000’s of dollars.

I think that software such as uCertify is a good start toward attaining a new cert (although you can never replace a solid year of experience).

As for the CY0-101.. I believe Security+ will be changing their objectives sometime in 2008. Hopefully, uCerty will keep up with that. Comptia sent me a few surveys about the change and a couple of co-workers that are being pushed to get the Security+ told me that they want to get it before it changes.

My honest opinion is that software like uCerts Prepkits are great for gauging your level of preparation. I also recommend that you use more than one gauge (particularly on the bigger tests such as CISSP).

MI5 alert on China’s cyberspace spy threat

The Government has openly accused China of carrying out state-sponsored espionage against vital parts of Britain’s economy, including the computer systems of big banks and financial services firms.

In an unprecedented alert, the Director-General of MI5 sent a confidential letter to 300 chief executives and security chiefs at banks, accountants and legal firms this week warning them that they were under attack from “Chinese state organisations”.

More –> mi5

RECORD NUMBER OF AMERICANS JAILED

The Justice Department reported in November that a record 7 million people — or one in every 32 adults in the U.S. — were behind bars, on probation or on parole at the end of last year. Some 2.2 million Americans were in prison or jail on Dec. 31. 2005, but there was little coverage of this population’s 2.7% rise from the previous year or of its eight-fold increase since 1975 — http://www.time.com/time/topten/2006/underreported/07.html

The SISSU process

I finally starting to understand where the AF is going with the SISSU process. Its implemented in EITDR which pretty much walks you through what is needed for DIACAP, IA Controls, FISMA requirements, IPV6 and everything else.

The system really could work if AFCA can manage it a little better. I just hope the C&A process is faster.

What is W32 Myzor?

malwareW32 Myzor is a part of a family of “Scamware”. These are trojans that pose as anti-virus/anti-spyware appliations that actually install malware on to your computer (viruses, worms, mass emailers). They attempt to gather your personal information and scare you into purchasing some shitty malicious software (no offense to adds running on this site).

W32.Myzor.FK@yf virus. The warning are fake. Your system probably is infected but it is infected because a myzor variant put it there. The balloon about “You computer is infected”, is not real.

go to the following for more:

w32 myzor
w32 myzor fk
w32 myzor fk yf

China OUBEN Company Import & Export Co., Ltd *SCAM?*

Sounds like a SCAM to me!

Compliments of the day to you,

I represent China OUBEN Company Import & Export Co., Ltd based in
China, and we export jewellery into Canada, America and Brazil . For
this we are recruiting representatives who can help us establish a
medium of getting to our customers in Europe and North America as well
as making payments through you as our payment officer. It is upon this
note that we seek your assistance to stand as our representative in
your country.

Note that, as our representative,you will receive 10% of whatever
amount you clear for the company and the balance you will be instructed
on proceedings to come. We look forward to expanding worldwide before
the year 2009 and do hope you could be part of the company’s
development.

Please, to facilitate the conclusion of this transaction if accepted,
do send
promptly via email the basic requirements provided underneath to
commence
registration processes: if you are ! interested please write to the
following email address(info_ouben02@yahoo.com.cn)
(1) Your full names………………………….
(2) Contact address and……………………
(3) Phone/fax numbers………………………….
(4)Age:…………………………
(5)Sex…………………………….
(6)Occupation:…………………….

Thank you for your time.

Warm Regards,
Mr. Cheng Lui
China OUBEN Company