“The Chinese government has announced plans to police web forums, chat rooms and blogs alongside other websites. Websites in China have long been required to be officially registered. The authorities are now determined that blogs should also be brought under state control.”

There are 3 billion Chinese. Even if only 150,000,000 (1/2 the population of the U.S.) have blogs each of them could make more than one blog. They must be using fear to control the people because that seems like the only way they could really control the freedom of ideas on the Internet.

read more | digg story

Here are five essential tools for securing Firefox by disabling JavaScript and Flash, sniffing out suspicious sites, foiling phishing, preventing peeks at private data, and preparing powerful passwords.

read more | digg story

“Darknets are SO last century. Why not go Brightnet!
Why break the law when you don’t have to. Hackers have found a way to share stuff without violating copyright.”

The RIAA and MPAA are going to have to find a new way to sue their consumers.

read more | digg story

“BorderWare Technologies Inc., and PGP founder Phil Zimmermann, industry leaders in IP communications security, privacy and compliance solutions, today announced an agreement to make BorderWare the first commercial licensee of Zfone, secure VoIP media encryption software, created by Zimmermann.”

From what I saw on the vulnerabilities of VoIP at Defcon, this is good news.

read more | digg story

Don’t believe the HYPE!

IT security experts have warned computer users to be wary of an email claiming to come from a dying KGB agent, offering to pass on secrets of the John F Kennedy assassination.

read more | digg story

“An independent security researcher showed off an early version of a tool for creating covert channels that, he claims, can pass undetected through most firewalls and intrusion detection systems.”

I saw this demonstration at Defcon. Man, I am not looking forward to typing in those ultra long IPv6 addresses!

read more | digg story

As the spotlight on a dangerous Windows vulnerability grows brighter by the hour, security analysts Thursday said that it’s not hype driving the alarms, but genuine fear that a major worm attack is just days away. This is no drill. Thursday’s deepening concern was fueled by several releases of new exploit code.

read more | digg story

 

There was a lot of great stuff at Defcon 14.  

The last Defcon that I went to was Defcon11 in 2003.  Defcon 14 has grown quite a bit since then.  According to DarkTangent it was about 7000 geeks/hackers/security pros/phreaks strong.  The great thing about this particular Defcon was the change of venue.  Defcon 11 was at Alexis Park.  This one was at the Riviera hotel. 

Many of the rooms at Alexis Park had no A/C.  The worst thing was that many of the rooms would get packed and have to turn people away.  At times it seemed that this might cause a riot!

As far as I know, only one room got too packed this time it was “Googling: I’m Feeling (un)Lucky” by Greg Conti. 

I have a lot of favorites but what stands out for me was “Beyond Social Engineering: Tools for Reinventing Yourself” by Theime Richard.  He had interesting ideas about the importance of integrating spirituality into your life to balance the difference personality profiles and life changes that happen more and more in a world of fast moving technology.  He discussed modifying your persona with reference to your “meta-self”, or hacking yourself.  Very interesting and insightful.

I loved all the breifings on privacy and the legal battles against the government and AT&T.  I will definitely be getting involved. 

Others that stand out are The Making of atlas: Kiddie to Hacker in 5 Sleepless Nights, by atlas.  I thought it was a great introduction to REAL hacking, which is pretty damn hardcore.  Atlas and his team 1stPlace actually won Capture the Flag, the main event at Defcon.

There was S. Korean team their that got honorable mention, since the flew all the way around the world just to play the game.

 

 

NIST.gov, heidelberg university and others have been hacked by black hat spammers.

Lately I’ve been getting some spam that I consider a special treat.  These are websites that have been exploited and used to promote spammy pharmacy products such as viagra and cialis. 

I am not happy that victims are being used, I’m intriqued on how the spammers managed to get away with it.

This one comes from NIST.gov: 

SPAM Hack of NIST.gov
viagra
http://www.nist.gov/HyperNews/atp/get/collaboration/285/1.html
viagra
[URL=”http://www.nist.gov/HyperNews/atp/get/collaboration/285/1.html”]viagra[/URL]
tramadol
http://www.nist.gov/HyperNews/atp/get/collaboration/288.html
tramadol

I’ve been working with the U.S. Govt for a long time so I am familiar with the NIST.  It is the National Institue of Standards and Technology: “Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department’s Technology Administration.” 

When I thought that they might have been hacked, I immediately sent and email to the webmaster.  But unfortunately they rejected my email.
Here is another hack attempt (this one unsuccessful):

UTA.edu
viagra
http://www.uta.edu/HyperNews/get/delgua/158.html
viagra
[URL=”http://www.uta.edu/HyperNews/get/delgua/158.html”]viagra[/URL]
phentermine
http://www.uta.edu/HyperNews/get/delgua/160.html
phentermine

Here is one is what looks like a division of Heidelberg University:

physi.uni-Heidelberg.de
cheap xanax
http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html
cheap xanax
[URL=”http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html”]cheap xanax[/URL]
generic viagra
http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/860.html
generic viagra

email I sent to Heidelberg Universtiy (translated with babelfish):

Hallo,
Ihr Aufstellungsort kann ausgenutzt worden sein:
http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html
Die Person, die dies getan hat, benutzt Ihren Aufstellungsort zu Spam andere Internet-Aufstellungsorte. Traurig über meinen Deutschen. Ich verwende babelfish.altavista.com, um zu übersetzen. Auf Wiedersehen

Here is another attempt on Kryten.murdoch.edu.au 

pacific poker
http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/300.html
pacific poker
[URL=”http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/300.html”]pacific poker[/URL]
cialis
http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/297.html
cialis

As with any exploit, the spammers used a flaw in the webpage to post the data on victims webpages.  The sad thing is that it can happen to anyone.  Security Awareness is really the only defense one can have.
 

I have been getting a lot.  I’ll update this when I get some good one.

Apparently, she is a lonely single woman who speaks english as a second language.

I googled “ludochek” and found this:

ludochekmy googled 

YOU SEARCH WOMAN? I’m single woman and i search man my mail: ludochekmy()gmail.com
I’m blond, 32y.old. If you search woman for pen pal and more write to me and i can send
to you my new pics and tell more about myself.
I use () instead @ for my email.
I post this message from this forum because i don’t have credit card and can’t use dating site.
If you want find a friend please write to me i am very lonely girl.
I wait your message to my email: ludochekmy()gmail.com but you must use @ Ludmila.