Phlash Dance: phlashing
June 9, 2008
Phlashing allows you to damage hardware over the Internet. This is something new and consists of flashing, as in changing the firmware, or computer code in chips on your motherboard, controller cards or other hardware. Since more modern systems allow flashing firmware over a network for quick updates, this is now an exploitable vulnerability. Previously, you had to “flash” those computer chips from the machine that contained them.
There are security features in hardware to prevent this kind of vandalism, but unfortunately some flaws enable hackers to flash destructively. Phlashing code has already been developed by security researchers and hackers. Phlashing attacks are not easy and will likely not be common; however, it's a possible glimpse of the coming storm of weapons of cyber destruction.
“Phlashing” attacks could render network hardware useless
Most computer security coverage focuses on the PC realm, but Rich Smith, head of HP’s Systems Security Lab, has identified a potential security flaw within a network’s physical hardware rather than a typical desktop or server system. Smith’s report focuses on a class of devices he refers to as Network Enabled Embedded Devices (NEEDS for short), and how such systems could be attacked at the firmware level through a process he refers to as “phlashing.” - more at Arstechnica
LifeLock Guy Hacked :(
May 22, 2008

I think this is a sad day. A sad day indeed. Todd Davis, CEO of LifeLock (his social security #457-55-5462), has promoted his company by advertising his social security number on the web, radio, TV and billboard signs.
“My name is Todd Davis
My social security number is 457-55-5462
I’m Todd Davis, CEO of LifeLock, and yes, that’s my real social security number*. Identity theft is one of the fastest growing crimes in America, victimizing over 10 million people a year and costing billions of dollars. So why publish my social security number? Because I’m absolutely confident LifeLock is protecting my good name and personal information, just like it will yours. And we guarantee our service up to $1 million dollars.”
While I’ve always thought that it was a risky way to promote one’s business (lol), I’ve always believed that it was a good idea. What they do is monitor your credit card and FICO information and alert you if there is anything suspicious. It works (you can also do it yourself for free). But the LifeLock service doesn’t protect you 100% from identity theft.
Some guy in Texas took Todd’s personal information and used it for a payday loan (there is no system to actively keep track of the payday loan market). So the guy was able to get $500. When it was time to pay back the payday loan (+1 million% interest or whatever it is), the payday store called the REAL Todd Davis (social security #457-55-5462). I think it’s unfortunate because it seems like a pretty good service. They are one of the few organizations in the U.S. actually trying to help people take on what is now an epidemic with now grassroots effort to slow down ID theft and financial fraud.
Although Todd Davis was hacked, I believe their product will still be an effective, proactive method of protecting yourself from ID theft & financial fraud. But you should definitely take extra steps to safeguard your personal information. Don’t advertise your social security number, your physical address, phone number, birthday or critical information.
It’s $10 a month. I’m thinking of doing it just so I can contribute to their cause.
Computers Hacking People ver 2.0
May 10, 2008
I honestly think you ought to calm down; take a stress pill and think things over. – Hal, 2001 Space Odyssey
Information Systems will eventually have the infrastructure and ability to “socially engineer” their creators. This is far-fetched science fiction blooming before our very eyes, being created by our own hands.
It will happen when three criteria are in place: 1) The creation of laws that can completely disregard the privacy and sovereignty of human beings, 2) The advancement of Information Awareness Systems, and 3) Smart Artificial Intelligence.
LAWS
Let’s discuss the situations that will give governments the pretext to implement laws to track their citizens. This is happening now. Laws and systems are being created for unchecked monitoring of individuals under the guise of security, safety and prosperity. Systems such as national ID cards.
They were implemented after the Sept 11 attacks on the World Trade Center and in the U.K. after the 7 July attacks in London.
It was 19th Century philosopher Samuel T. Coleridge who said, “In politics, what begins in fear usually ends in folly.”
Imagine it: The PATRIOT ACT IV is passed as a result of recent Critical Infrastructure cyber-terrorism attacks. International terrorists implement a globally synchronized Distributed Denial of Service Attack against the world’s root nameservers and successfully cripple the Internet for three days. The impact is devastating as corporations lose billions.
Domestic Cyber Terrorists infiltrate hospitals by becoming a part of the staff, only to socially engineer and infect HIPAA-protected networks with viruses that wipe out databases and actually scramble prescriptions, causing an array of deaths by misdiagnosis.
Local police and security personnel repeatedly thwart numerous attempts by religious fundamentalists to detonate suitcase-sized tactical nuclear weapons inside major United States cities, but security professionals predict that it is only a matter of time before at least one slips through the cracks. All the enemy needs is one.
Patriot Act IV is the patron saint of lawmakers who have been screamed at by constituents to “DO SOMETHING NOW!” The new Patriot Act is eventually internationally accepted and allows for unrestricted data mining into commercial and state-owned databases worldwide (US-EU). It of course has different names and variations worldwide, but its application is the same. In the United Kingdom it is called the Civil Contingencies Bill. The data mining would tap into the “transaction space” by accessing hospital, financial transaction and legal databases worldwide to be shared by all law enforcement agencies (county, federal, city, local and international). The system works like a global Amber Alert system that can track criminals anywhere in the world and notify the respective local agency immediately. The system works very, very well.
Information Awareness Systems

The system, developed under the direction of John Poindexter, then-director of DARPA’s Information Awareness Office, was envisioned to give law enforcement access to private data without suspicion of wrongdoing or a warrant. — Electronic Privacy Information Center.
Government-funded unrestricted Data Mining and Information Awareness programs develop and run revolutionary Information Awareness Systems. Despite public opinion, these National Security systems continue to work to protect the nation against enemies foreign and domestic. The system extracts data from its transactional databases and recognizes patterns of behavior that would fit that of a terrorist. The system is so exhaustive that it works with 70% accuracy and seamlessly in conjunction with systems such as Next Generation Facial Recognition systems and Activity, Recognition Monitoring for enhanced surveillance.
Artificial Intelligence
Within thirty years, we will have the technological means to create superhuman intelligence. Shortly after, the human era will be ended. – Vernor Vinge, 1993, What is the Singularity?
Artificial Intelligence has been in use for many years. It is greatly relied upon by businesses, hospitals, military units and even in forms of entertainment such as video games. However, Strong Artificial Intelligence, the development of cognitive systems simulating the human brain, has been developing quietly in research labs around the world under programs dedicated to the “scientific understanding of the mechanisms underlying thought and intelligent behavior and their embodiment in machines” (AAAI).
Smart Information Awareness is Strong Artificial Intelligence merged with Information Awareness Systems. Smart Information Awareness seems to go beyond merely recognizing patterns of behavior, as it predicts the future actions of a given psychological profile with over 75% accuracy, allowing Law Enforcement to be like an all-seeing eye with incredible new methods of forensics and counterterrorism. Crime as a whole will be greatly reduced. Systems that recognize criminal patterns have been around for some time; Smart Information Awareness systems are a new trend.
The Smart Information Awareness system is so accurate in determining human behavior trends that it is used to track and manipulate consumer buying habits for corporations. With its accuracy, the system will be able to determine what marketing tools can be used to influence the behavior of buyers.
With unfettered access to consumers’ personal transactions, buying habits, methods of payment, and credit history, a system would be able to pinpoint buyers who demonstrate interest in certain products and offer “special deals” to a specific group of highly interested buyers.
Inevitably the very system (laws, practices and technologies) that successfully protects humanity from itself is used to manipulate and exploit humanity.
Perhaps you believe that there is nothing wrong with this level of target marketing. If so, I submit to you these questions: What will separate humanity from cattle if every man, woman and child is seen as nothing but a number and a consumer to the system that we rely on to survive? Since we are already regarded as merely numbers and consumers by the corporate beast, how much control and information will we allow them to have?
Perhaps this is a bit much. Perhaps I exaggerate the technology and extent of fear that will breed it.
http://www.p2pnet.net/issue03/page1.html
http://www.jbholston.com/weblog_discussion.php?post_id=74
Statewatch.com - Secret EU-US agreement being negotiated. http://www.statewatch.org/news/2002/jul/11Auseu.htm
http://www.eff.org/Privacy/TIA/20030523_tia_report_review.php
nin - TheSlip (thanks Trent)
Ray Kurzweil @ Google Zeitgeist
Eschelon TIA - Total Information Awareness
Farmers & Merchants Bank $50 survey scam
April 29, 2008
Farmers & Merchants Bank is REAL, however there is a phishing email going around claiming to be from this financial organization.
Congratulations!
Dear Customer,
You’ve been selected to take part in our quick and easy survey
In return we will credit $50.00 to your account - Just for your time!
Please spare two minutes of your time and take part in our online survey
so we can improve our services.
Don’t miss this chance to change something.
To continue click on the link below:
https://www.f-mbank.com/index.html=survey
©
Copyright © Farmers & Merchants Bank
MESSAGE FROM Farmers & Merchants Bank
Information Security is a top priority of Farmers & Merchants Bank. You will never be asked to furnish personal information via an email or any other electronic means.
Some of our Customers have received e-mails asking them to complete a survey for a $50.00 credit and asks for your Credit Card Information including your Personal Identification Number. These e-mails are not from Farmers & Merchants Bank.
If you are ever asked to furnish personal information, please ignore the request and delete the email immediately. Farmers & Merchants Bank will never ask you for confidential information electronically.
If you have any questions, please contact us at 256-447-9041.
Malware Alarm
February 22, 2008
A friend of mine wanted me to do some work on her computer, but when I fired up the computer all I saw was Malware Alarm.
The computer was really slow and essentially unusable. Malware Alarm, I noticed, looks a lot like the scamware PS Guard and SpySheriff. These are applications that pretend to be anti-virus or anti-spam software but actually infect your system with spyware, mass-mailers, and backdoors into your system. This type of malware is known as a trojan. As usual, any attempts to shut this application down or minimize it are useless, because even if you do manage to get anything else up, it will eat up so many system resources (CPU, memory, bandwidth) that the computer itself is close to useless. If you delete it in normal mode and miss a part of it, it will regenerate itself like a hydra.
After looking at the Task Manager (which took 20 minutes or so), I decided to reboot in “safe mode”. Unless your system has something like a rootkit (malware that replaces the main component of your operating system), Safe Mode only turns on what is needed and nothing else. I used System Restore to remove Malware Alarm, and Spybot Search and Destroy/Adaware to remove everything else.
System Restore should be used first because it is easiest and does not require any additional software.
1) Reboot in Safe mode: Restart system, hit F8, select “Safe Mode”
2) Proceed in Safe Mode: When prompted (as in the picture above) Select “NO”
3) Restore Wizard: Select a date prior to when you received the malware (System Restore does not delete newly downloaded files, only new changes in the registry)
Sysadmin tries, fails at being l337 hax0r, gets jail time
January 16, 2008
A 51-year-old sysadmin has gotten a record jail sentence after attempting (and failing) to write code that would have destroyed everything on one of his company’s servers.
Digger SalineMist:
You just know the other admin found it like this:
#
# SECRET CODE FOR REVENGE
# last change Andy Lin 4/20/2004
#
lol
Digger 89Vision:
Samir: I have a question.
Peter Gibbons: Yes?
Samir: In… in these conjugal visits, you can have sex with women?
Peter Gibbons: Yep, you sure can.
Samir: OK, I’ll do it.
GMail Security Hole Allowed Malicious Hacker to Invade the Life of a Blogger
December 25, 2007
Mr. David Airey, a blogger and designer from the UK, had his site hacked by some useless bastard. This gmail hacker set up a malicious site that exploited a security flaw in gmail to set up an email filter that auto-forwarded all of David’s emails to another malicious email account. Although Google has apparently fixed the problem, if you have been affected by one of these malicious webpages the filter may still be in your gmail account. David explains how to find it and get rid of it:
IMPORTANT: If you use GMail, it’s absolutely vital that you check your account settings now.
Here’s what to do:
When logged into GMail, click on the ‘settings’ tab in the upper right of the screen. Then check both the ‘Filters’ and the ‘Forwarding and POP’ sections.
Get more information from David Airey.
Right now David is fighting to get his domain back legally after refusing to be manipulated by the gmail hacker.
To David,
Good on you, man! And as bad as it is, I’ve been emailed by a couple of people who have lost thousands from hackers. I’ve been on the receiving end of these desperate criminals too… and like you I choose to use my blog like a gun.
Hacking World of Warcraft
June 27, 2007
Social Engineering a N00b Party
I had a level 11 Mage. My level 20 friend (who happened to be female) was teaching me how to play the game. Some level 43 guy started hitting on my escort. Feeling playful, I challenged him to a duel. He turned his back on me while I threw blows for like 10 minutes and had no effect.
One spell did work though, Polymorph (only for about 5 seconds though). I turned him into a sheep. This must have really pissed him off because what he did next was devious.
He finally finished me off and then quickly made friends with our two-person party. He hung out with us for a little while, the whole time flirting with my friend. Then he told her that I was talking shit about her to him on whisper mode. Not true at all. But it worked. She got really mad and disbanded from the party.
He tried to do other stuff to my character but I was just a trial account so all he had left to do was laugh at me: “Ha Ha I just scored with your friend.”
Here is a pretty good article addressing some cool hacks (cheats) that have been done on WoW. The article is on The Register and it’s called Hacking WoW and the pursuit of knowledge:
change a character’s X, Y and Z coordinates to give the illusion of flying or move to a more advantageous location
Automated Spawn Camping - code to automate a character’s task of camping outside a cave in wait of monsters and stabbing them when they appear. A player who runs the bot shortly before going to bed can awake to find the character has pocketed plenty of gold left behind by the felled beasts.
Create bot characters that can send you IMs to your cell phone
*achtung: some hacks such as “spawn camping” will get you labeled a filthy cheater, a taboo as untouchable in the world of online gaming as a pedophile or 18th century horse thief. Hack at your own filthy risk.
DHS acknowledges own computer break-ins
June 23, 2007
WASHINGTON — The Homeland Security Department, the lead U.S. agency for fighting cyber threats, suffered more than 800 hacker break-ins, virus outbreaks and other computer security problems over two years, senior officials acknowledged to Congress.
In one instance, hacker tools for stealing passwords and other files were found on two internal Homeland Security computer systems. The agency’s headquarters sought forensic help from the department’s own Security Operations Center and the U.S. Computer Emergency Readiness Team it operates with Carnegie Mellon University.
Ahmadinejad’s blog hacked and defaced
January 24, 2007
“Iranian President Mahmoud Ahmadinejad’s Blog we dealt with last week”
Ahmadinejad has a blog?! I wonder who else within the “axis of evil” has blogs. Chavez? Kim Jong Il?






