
Penetration testing Footprinting, scanning

October 6, 2008

The second installment of a six-part penetration testing tutorial for consultants and VARs that discusses three important information gathering processes for penetration testers.

Together, the three pre-test phases are called reconnaissance. This process seeks to gather as much information about the target network as possible, following these seven steps:

1) Gather initial information
2) Determine the network range
3) Identify active machines
4) Discover open ports and access points
5) Fingerprint the operating system
6) Uncover services on ports
7) Map the network


New surveillance program will turn military satellites on US

October 6, 2008

An appropriations bill signed by President Bush last week allows the controversial National Applications Office to begin operating a stringently limited version of a program that would turn military spy satellites on the US, sharing imagery with other federal, state, and local government agencies.


Osama Hanged (virus)

October 2, 2008

*verified with snopes.com and about anti-virus*

Emails with pictures of Osama Bin-Laden hanged are being sent and the
moment that you open these emails your computer will crash and you
will not be able to fix it!

1.) If you get an e-mail along the lines of ‘Osama Bin Laden Captured’
or ‘Osama Hanged’ , don’t open the Attachment!!!!

This e-mail is being distributed through countries around the globe,
but mainly in the US and Israel.

Be considerate & send this warning to whomever you know..

PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS.

2.) You should be alert during the next few days:

Do not open any message with an attached file called ‘Invitation’
regardless of who sent it.

It is a virus that opens an Olympic Torch which ‘burns’ the whole hard
disc C of your computer!!!!

This virus will be received from someone who has your e-mail address
in his/her contact list, that is why you should send this E-Mail to all
your contacts.

It is better to receive this message 25 times than to receive the virus
and open it.

If you receive e-mail called ‘invitation’, though sent by a friend. Do
not open it!!! Shut down your computer immediately!!!!

This is the worst virus announced by CNN, it has been classified by
Microsoft as the most destructive virus ever.

This virus was discovered by McAfee yesterday, and there is no repair
yet for this kind of virus.

This virus simply destroys the Zero Sector of the Hard Disc, where the
vital information is kept.


Researchers disclose deadly cross-platform TCP/IP flaws

October 2, 2008

DoS attacks have been around ever since the first caveman hacker decided to attack the first caveman network engineer’s TCP/IP network. Much like sharks, DoS attacks have survived the passage of time by being very good at what they do, and while they’ve spawned offspring (direct denial-of-service attacks, or DDoS), the original version remains aliv


Check if Your Gmail is Hacked with Activity Monitor

October 2, 2008

This time I want to go over one new Gmail feature. It watches your account and displays a notification when someone else logs into your account. Basically a nice little feature from Gmail team that lets you check if someone has hacked into your Gmail account.


Hole in Adobe software allows free movie downloads

October 1, 2008

A security hole in Adobe Systems Inc software, used to distribute movies and TV shows over the Internet, is giving users free access to record and copy from Amazon.com Inc’s video streaming service.


State Corporate Compliance fraud

September 30, 2008

HA! They almost got me! I had a $150.00 USD check ready made out to “Corporate Compliance”. The envelope was wet with my spit and just about to be sealed until I read the print in bold at the bottom:

Requirement code 3001. This is a Solicitation for the order of goods or services, or both, and not a bill, invoice, or statement of account due. You are under no obligation to make any payment on account of the offer unless you accept the offer. Requirement B&P Code 17533.6 This Product or service has not been approved or endorsed by any government agency, and this offer is not being made by an agency of the government.

Translation: You don’t HAVE to send us money.. we are not affiliated with the government.. we just want your money.. our service is that we are asking for money. *SCAM*

Annually, I have to file documents to keep my corporation compliant with state & federal law. Although I know this is something that can be done online with my state (Colorado), I usually procrastinate until I completely forget about it. So it is convenient to get the occasional mail reminding me to file. The state usually sends a postcard with a reminder and a link to their .gov site. The “Office of Corporate Compliance” sends a message telling you the importance of filing your “Annual Corporate Minutes”. They offer to do it for $175 (check or money order). The only problem is that states don’t require minutes filed with them. You are supposed to keep minutes, and other corporate records.. but they are not submitted anywhere. My state requires a re-statement of my Articles of Incorporation (annually over the ‘Net).

I’ll hand it to them, the “Office of Corporate Compliance” seal looks authentic at a glance. Once I found out that this was indeed a scam, I realized that they could be doing this in EVERY single state and making a small fortune. If you Google it, you’ll see that they really are doing it all over the nation. They’ve probably been doing it for years.

My question is, how and why has this been allowed to flourish? Each state puts out some sort of canned response about it:

Recently, an entity calling itself “[STATE] Corporate Compliance” mailed solicitations entitled “Annual Corporate Minutes Compliance Filing” to numerous [state] corporations. This solicitation offers to complete corporate meeting minutes on behalf of the corporation for a fee. Despite the implications contained in the solicitation, [state] corporations are not required by law to file corporate minutes with the Secretary of State.

Why can’t the state governments come down on this 50 state scam? Perhaps the “Corporate Compliance” wording is such that there is nothing the states or any other government can do about it.

Here’s how I think their scam works:

1) They set up a P.O. Box in each state with the corresponding state header on envelopes and letters.
2) Search each state’s corporate database for corporations with the status (delinquent or non-compliant.. this means the corp. in question did not restate their annual articles of incorporation.)
3) They send the appropriate state letter to the delinquent corporations
4) The corporation pays and sends to the P.O. Box that is already typed on the self-addressed envelope inside
5) The P.O. Box forwards to the real address of the creators of this system (or franchisers)

Reverse PO Box Lookup
US Post offices will disclose the forwarding location of a corporate entity’s PO Box. So I think I will do one and advertise them right here on this site. I think that there is only one company (or group) behind this mail fraud.

Who is Corporate Compliance Filings, Inc?
I did a Google search for the company and came up with only one organization named Corporate Compliance, the name The Office of Corporate Compliance asked to be put on the checks. The only way they can cash the check is to have an actual corporate entity. Here it is: http://www.corporatecompliance.com/ –> Although there should be a crime against having a terribly shitty 90’s site, I can’t yet pin the scam to these guys… I simply don’t have any evidence at all pointing to this particular site.

When I did a search on the New York business database (where this 90’s Internet Corporate Compliance is from) I noticed that there were two entities with that name: CORPORATE COMPLIANCE FILINGS INC. (foreign entity) & CORPORATE COMPLIANCE LTD (domestic). But then I noticed that Corporate Compliance Filings Inc. is also in the California business database, Colorado business database and all the others.. each one does not list other entities or foreign entity as the registered agents in an attempt to avoid naming individuals.

If you search the databases you’ll see that they use: CORPORATE COMPLIANCE FILINGS INC., Corporation Compliance Recorder, CORPORATE COMPLIANCE CENTER

Colorado Corporate Compliance

The Colorado Secretary of State’s office has recently become aware that an additional entity, “California Corporate Services”, has mailed solicitations titled “Annual Minutes Disclosure Statement” to businesses in Colorado. These solicitations are similar to those mailed to businesses by “Colorado Corporate Compliance” and “Board of Business Compliance” titled “Annual Minutes Disclosure Statement” or “Disclosure Statement”. These solicitations offer to process corporate meeting minutes on behalf of the corporation for a fee. Despite the implications contained in the solicitations, Colorado corporations are not required by law to file corporate minutes with the Colorado Secretary of State’s Office.

California Corporate Compliance

In very fine print, the document usually has a disclaimer, such as:

“CA Business & Professions Code Sec 17533.6 This service has not been approved or endorsed by any government agency, and this offer is not being made by an agency of the government.”

California Corporate Headquarters, Compliance Division

California Addresses:

CALIFORNIA CORPORATE COMPLIANCE
Business Division
3053 Freeport Blvd #310
Sacramento, CA 94518

State Corporate Compliance
916 J Street
Sacramento, CA 95814-2703
form was 4780C

Corporate Compliance Filings
9175 Keifer Blvd # 336
Sacramento, CA 95826

California Corporate Headquarters
Compliance Division
2443 Fair Oaks Boulevard #539
Sacramento, CA 95825
CA-FORM AMDS-03

Massachusetts Corporate Compliance

Recently, an entity calling itself “Massachusetts Corporate Compliance” mailed solicitations entitled “Annual Corporate Minutes Compliance Filing” to numerous Massachusetts corporations. This solicitation offers to complete corporate meeting minutes on behalf of the corporation for a fee. Despite the implications contained in the solicitation, Massachusetts corporations are not required by law to file corporate minutes with the Secretary of State.

Georgia Corporate Compliance

Secretary of State Handel Alerts Corporations to Potential Scam

Atlanta, GA—Recently, an entity calling itself “Georgia Corporate Compliance” mailed solicitations entitled “Annual Minutes Disclosure Statement” to numerous Georgia corporations. This solicitation offers to complete corporate meeting minutes on behalf of the Georgia corporation for a fee. Despite the implications contained in the solicitation, Georgia corporations are not required by law to file corporate minutes with the Secretary of State.

New York Corporate Compliance


Texas Corporate Compliance

Recently, an entity calling itself “State Corporate Compliance” mailed solicitations entitled “Annual Corporate Minutes Compliance Filing” to numerous Texas business entities. This solicitation offers to complete corporate meeting minutes on behalf of the Texas business entities for a fee. Despite the implications contained in the solicitation, Texas business entities are not required by law to file corporate minutes with the Secretary of State.

Oregon Corporate Compliance

Better Business Bureau takes a look at Corporate Compliance


Is Privacy Dead?

September 24, 2008

Yes.
Privacy is dead and getting deader. So who killed it? We did. We killed it with our nature. We like our tools & technology. We can’t go without our GPS, SIM card loaded cell phones. We don’t really think about how cell phones can be easily tracked and tell so many intimate details about where you are and who you’re talking to.

We love convenience so how can we go without our Google, Yahoo, MSN searches and our access to the Internet. Never mind the fact that all of these entities track or even record (and send to the government) everything we do online.

Our nature places privacy last on the list, and convenience and comfort in the top five. I’m not looking down my nose at you. I’m guilty of all of the above privacy sins. I’m not judging your search engine usage or saying you should switch to anonymizers and clusty.com or go phone using an untraceable credit card.. I’ve got my tin foil hat in storage next to my year supply of MREs and shotguns.

I’m just pointing out the facts. We give our privacy away, to companies, the government and other organizations.

What is a bit bothersome to me are laws that allow the abuse of what we are willing to give in trust. The data we entrust to companies and to federal, state and local government should not be allowed to be misused, either by violations of the 4th Amendment (use of your online history without probable cause) or by criminal hackers and/or companies selling your information to the highest bidder.

Fair laws that are in favor of the buyer adherence to the 4th Amendment. I don’t think this is a reasonable request. I think the CIO’s who implement opt-out letters sent to clients expect some amount of respect for the information they put out.

Would be pissed if his financial information was stolen.


First Bust Ever for ATM Reprogramming Scam

September 24, 2008

The pair allegedly reprogrammed the machines to believe they were loaded with one-dollar bills instead of tens and twenties. A withdrawal of $20 would thus net $380. The Nebraska case marks the first reported arrests for the keypad capers.


The Singularity is Near (for security) pt. 1

September 21, 2008

I’ve been reading Ray Kurzweil’s The Singularity is Near. It’s been blowing my mind. It’s a detailed account of how, when and why artificial intelligence will outdo humanity (as it is now) in every way in about 20-30 years.

The book is the real deal. It’s over 600 pages with 100 pages of notes. It’s a college course and a 10 course meal.

The first thing you have to realize about Ray is that he is not some kook with a sci-fi idea. His ideas are NOT some sci-fi “original movie” trash cooked up by a team of ex-dungeon master, fanboy geeks. Kurzweil is a world class inventor who created the first omni-font optical character recognition system. He is the brains behind text to speech, and the next generation of music synthesizers (the ones that are able to sound like any instrument).

He is the father of the Law of Accelerating Returns, which details the exponential growth of technological progress and change.

So far, the most startling idea I’ve read in his book is something I read from a Vernor Vinge article a few years back. Eventually, computers will be sentient and a trillion times smarter than us. I’m not just being sarcastic and throwing out ridiculous numbers (bajillion kajillion) to get an over inflated point across, I mean LITERALLY they will be a trillion times smarter. If you subscribe to the Howard Gardner theory of Multiple Intelligence, computers will be able to outdo us on every one of them (plus a plethora of some we don’t yet have the capacity to conceive of). If that doesn’t stir you.. how about this? They will eventually build systems (AI) smarter than themselves. That is when they will be so far beyond us that we (in our current capacity) will not be able to comprehend them fully.

Kurzweil is definitely not gloom and doom. He does not predict (for example) that the machines will send Arnold Schwarzenegger back to 1984 to kill Sarah Connor (Linda Hamilton is still safe). In fact, the book is about “when humans transcend biology”.

Now just think about that… “transcend biology”. It gets me thinking of some sort of “Ghost in the Shell” type world where most people are cybernetically enhanced in a hundred ways. Ghost in the Shell is among my favorite anime franchises because it goes to great lengths to describe its cybernetic world. The singularity is a reality in the world of Ghost in the Shell.

It’s a world in which an AI can hack and/or possess anyone/thing with a cybernetic central nervous system. A world where the line between physical and virtual is blurred by visual enhancements and the definition of humanity must be expanded to allow people who are now 90% robotic.

What do I think the Singularity will mean to security? That is a bit of a ridiculous question. It’s like asking.. if the sun explodes, what will happen to all the plants. The answer is the same thing that will happen to all of humanity. Perhaps the sun exploding is a bad analogy.. because I don’t think the Singularity will feel the sudden need to enslave all humanity, turn us into batteries and lock us in a matrix like virtual world. I think it will be more of a collaboration between super computer and abacus, rancher and cattle, shepherd and sheep but not at all like master and slave (well at least not a BAD master). Those of us unwilling and/or unable to change will be like a novelty item, neo-Amish. The Singularity will hack us and herd us like the consumer, technology-dependent sheeple we have become. And we will do nothing but smile and enjoy our everyday prices.

Speaking of novelty, I can’t help but think of Terence McKenna’s mention of an acceleration of everything in his Timewave Zero theory.

The graph shows at what times, but never at what locations, novelty is increasing or decreasing. According to the timewave graph, great periods of novelty occurred about 4 billion years ago when Earth was formed, 65 million years ago when dinosaurs were extinct and mammals expanded, about 10,000 years ago after the end of the ice age, around late 18th century when social and scientific revolutions progressed, during the sixties, around the time of 911, and with coming novelty periods in November 2008, October 2010, with the novelty progressing towards the infinity on 21st December 2012 - wiki

The rate of change is both inevitable and necessary to our nature.

Once again, security is a piss ant in relation to the upcoming changes predicted by these modern mathematical prophets, but I will say this: lately things in the Certification & Accreditation world have been changing drastically every 6 months, with each change bringing in a wave of rumor of yet MORE change. The current rate of change is keeping me very employed.
