Archive for June, 2008
Brass & Chrome Bath Fixtures & Accessories – $125 (Aloha) — REALLY NOT SURE On this one!

*I was sent this by one of my readers. I’m really not sure if it is a scam or not. It actually seems more like a missent email.*

i am okay with the price of this item and the condition of items and we will like to make an outright purchase of this particular item immediately because we are in need of it and we want to get as soon as possible, I anticipate that a Money order will be sent to you via express mail or ups or Fedex as the mode of payment, concerning the pickup, i will be responsible for that, where the mover will come for the pick up at your location upon your confirmation of receiving the payment and i want you to remove this item from the ad now. So i will send the payment which will include the pick up charges, in which you will make payable to the mover via money gramm immediately after you have receive the payment and you will be compensated with $10 extra for your running around to the money gram outlet to avoid the delay. And I would really love to come for the viewing but due to my work frame that might not be possible… …..and I will like you to provide the following payment information as soon as possible;
full name …………………………………….
full home address (physical
zip code……………………………………….
tel#…………………………………………..

As soon as this is provided i will let you know when payment is mailed out and i will update you on when you will receive the payment and give you instructions on what to do….thanks and i hope we handle this in good faith……

CONTACT AGENT Dr.Edwin Thomspon *SCAM?*

Plot 8,Ahmed Way,
Victoria Island, Lagos Nigeria.

Good Day,

I am using this opportunity to thank you for your effort to our unfinished
transfer of fund into your account,I want to inform you that I have
successfully transferred the Cheque out of the company to someone else who
was capable of assisting me in this great venture .Due to your
effort,sincerity, courage you showed at the course of the transaction I
want to compensate you with the sum of £350,000.00 (Three Hundred And Fifty
thousand Great British Pound).You are to contact the finance house for the
collection of the certified bank draft.

Dr.Edwin Thomspon
Tel: +234 8087787898

Hackers Crack London Tube’s Ticketing System

Dutch security researchers rode the London Underground free for a day after easily using an ordinary laptop to clone the “smartcards” commuters use to pay fares, a hack that highlights a serious security flaw because similar cards provide access to thousands of government offices, hospitals and schools.

There are more than 17 million of the transit cards, called Oyster Cards, in circulation. Transport for London says the breach poses no threat to passengers and “the most anyone could gain from a rogue card is one day’s travel.” But this is about more than stealing a free fare or even cribbing any personal information that might be on the cards.

Oyster Cards feature the same Mifare chip used in security cards that provide access to thousands of secure locations. Security experts say the breach poses a threat to public safety and the cards should be replaced.


How To Completely Clean Your Hacked WordPress Installation

An excellent step by step guide helping you to completely clean out and restore a WordPress installation that has been hacked.

Getting hacked sucks, plain and simple. It can affect your rankings, cause your readership to be exposed to virus and trojan attacks, make you an unwilling promoter to subject material you may not actually endorse, and in many cases cause the loss of valuable content. However, once it happens it is usually best to not procrastinate on the clean up process, since a speedy restore will most times minimize the damage that was caused.

While almost all sources will recommend that you upgrade your WordPress to the latest version, what the majority neglect to tell you is that in most cases simply doing so will not prevent the attackers from getting back in, even if there are no known exploits with the latest version. The hackers may have left a back door file hidden in a directory where it wouldn’t get overwritten with an upgrade, or inserted code into your theme, or simply created an account that they then granted admin privileges to. Any one of those would allow them back in, even after you patched what was wrong the first time. Therefore I am providing this step by step process on how to completely clean out and restore a WordPress installation that has been hacked.


The Value of a (Ethical Hacker) Certification

Ok, I admit it. I have totally slacked off on getting that CEH certification. I’ve had the boot camp, I’ve amassed lots of great books and resources, I’ve even talked to some people who have passed it, but I still haven’t been consistent about studying. For a while I was pretty consistent. I read the Official Study Guide and started working on an Unofficial one.

Why don’t I have that cert yet? I suppose I just don’t feel I have a reason to have it. It would just be for show because I don’t really do pen testing. I’d like to, but in my job, I don’t usually have the opportunity to do it or reason to do it. I’ve already got the CISSP so I don’t need the CEH for some kind of prestige. Many hackers piss on certifications; they are not impressed with them and are willing to hurt anyone who flashes the credentials. The CISSP trumps most certifications. The only real benefit for me getting it is that it would force me to get more familiar with tools like netcat and Snort which I don’t use enough. I am interested in cyber kung fu. Lately, I have been more drawn to the scientific and mathematical side of technology, the side where the innovations are born, not just mastered. I’ve been sharpening up my math skills and plan on getting into Computer Science, Electrical Engineering or physics.

I haven’t decided whether I want to take the CEH because I want to do something that has more depth. I suppose I could complete the CEH, go through Computer Science and specialize in security/crypto/info assurance and follow in the footsteps of Bruce Schneier and Steve Gibson. In the beginning, certifications were definitely a step up, but I’m in a place now where they are just ornaments, flashy baubles I could decorate my name with when I need an ego boost. If my wife and kids are giving me lip I can say, “don’t you know I am a CISSP, A+, B, C, D, E, F, G. You MUST respect my awesome test taking ability!”

I’ve said it before, I think certifications can be of great value. If you work for the Department of Defense in IT you pretty much MUST have one (per DoD 8570). Certifications can give you that extra edge against competing employees in the private sector. Problems arise when the IT certification’s value is taken out of context. Like the 8570 which makes it mandatory to have a certain certification regardless of your experience and/or degrees. That is a bit much. Not everyone who passes the CISSP can configure a firewall properly. But perhaps that’s the reason the DoD wants system specific certification.

New Trojan Leverages Unpatched Mac Flaw

A tool for exploiting an unpatched security hole in Mac OS X systems has been developed and until earlier today was being distributed through an online forum that caters to Mac hackers, Security Fix has learned.

I agree with digg user, powerofthor:
I would never wish a virus on anyone, but I have gotten pretty tired of Mac users bragging about the invulnerability of Macs to infiltration. The thing about it is, Macs until recently have simply not had the market share to justify an attack. Yes, their virus defense is also strong, but it seems relatively untested.


The rise of “intelligent” CCTV

I think it’s great that we have better technology in security. What is disconcerting are laws like the Patriot Act and FISA bill which take rights from citizens for the sake of more security. With this increased technological power in security, there needs to be more balance, but it seems the rights of citizens (particularly privacy and civil liberties) are taking a back seat to all manner of political will. All this powered by the fear of terrorism after 9/11.

I’m not saying we should not be more cautious or more aware. I’m not saying that more security is not necessary. What I am saying is that taking away liberties is not necessary. And even if you feel it is necessary to spy on all citizens indefinitely to “catch terrorists”, shouldn’t there be checks and balances on the watchers? Who will watch the watchers? How will we ensure that their powers are not abused?

New Technologies:
Smart CCTV – There are now smart security cameras with pattern recognition that allows them to raise an alarm when someone does something suspicious, such as climbing a fence or putting down a bag and walking away. That technology has been developed by companies like ObjectVideo Inc. The Defense Advanced Research Projects Agency (DARPA) hopes to take it a step further by creating systems that can learn everyday patterns and send an alarm when things are outside of their known pattern, also known as anomaly detection.


What Privacy Policy?

Company security and marketing executives differ on how to handle customer data.

Companies are in the business of selling your personal information. You know that little Privacy Statement that your credit card company sends to you? If you read the fine print, they are usually telling you that they are about to send your personal information to their “partners” and/or third party organizations unless you send them a written document to opt out.

I got one from Dexonline once. The law seems to favor these corporations, because it can be difficult to get off of all these lists. It’s like an Anti-Privacy Virus. Once one company has your data, they send your information to their third party partners (with your silence as permission), then the third party vendors attempt to sell you an item and do the same thing (with your sheep-like compliance) and so on. Pretty soon your personal information is on 10 or 20 revolving marketing lists.

I’m not opposed to some solicitations, but US law is pretty flimsy on the privacy of individuals. The CAN-SPAM act is just not enough anymore. Consumers should have to sign up, not just opt out in written form via mail. But what happens is that companies like Comcast, AT&T, Visa, Master Card and many, many others put their right to give out your information right in the USER Agreement (which nobody reads). Since there are few alternatives that protect your privacy, they don’t feel any pressure to side with your privacy. By law, they have to provide a method of opt-out prior to selling your information, but like I said, I don’t think it’s enough.

Local government privacy is even worse. I’ve been reluctant to write about it because I fear that I will make it easier for more bad guys to do bad things just because they can.


The Most Powerful Computer on Earth

IBM’s latest supercomputer crunches numbers at enormous speeds–and will soon be put to use for nuclear warfare.


Why Global Hackers Are Nearly Impossible to Catch

They’re in our computers, reading our files. The Chinese government, that is, according to two U.S. Congressmen who recently accused Beijing of sending hackers to ferret out secret documents stored on Congressional computers. The Chinese deny any involvement, but if they were lying, would we be able to prove it?
