Category: Main Digg

  • Black Hat Spammers (NIST Hacked)

    NIST.gov, Heidelberg University and others have been hacked by black hat spammers.

    Lately I’ve been getting some spam that I consider a special treat.  These are websites that have been exploited and used to promote spammy pharmacy products such as Viagra and Cialis.

    I am not happy that victims are being used; I’m intrigued by how the spammers managed to get away with it.

    This one comes from NIST.gov: 

    SPAM Hack of NIST.gov
    viagra
    http://www.nist.gov/HyperNews/atp/get/collaboration/285/1.html
    viagra
    [URL=”http://www.nist.gov/HyperNews/atp/get/collaboration/285/1.html”]viagra[/URL]
    tramadol
    http://www.nist.gov/HyperNews/atp/get/collaboration/288.html
    tramadol

    I’ve been working with the U.S. Govt for a long time so I am familiar with the NIST.  It is the National Institute of Standards and Technology: “Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department’s Technology Administration.”

    When I thought that they might have been hacked, I immediately sent an email to the webmaster.  But unfortunately they rejected my email.

    Here is another hack attempt (this one unsuccessful):

    UTA.edu
    viagra
    http://www.uta.edu/HyperNews/get/delgua/158.html
    viagra
    [URL=”http://www.uta.edu/HyperNews/get/delgua/158.html”]viagra[/URL]
    phentermine
    http://www.uta.edu/HyperNews/get/delgua/160.html
    phentermine

    Here is one on what looks like a division of Heidelberg University:

    physi.uni-Heidelberg.de
    cheap xanax
    http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html
    cheap xanax
    [URL=”http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html”]cheap xanax[/URL]
    generic viagra
    http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/860.html
    generic viagra

    Email I sent to Heidelberg University (translated with Babelfish):

    Hello,
    Your site may have been exploited:
    http://www.physi.uni-heidelberg.de/HyperNewsFachschaft/get/discussion/862.html
    The person who did this is using your site to spam other Internet sites. Sorry about my German. I am using babelfish.altavista.com to translate. Goodbye

    Here is another attempt on Kryten.murdoch.edu.au:

    pacific poker
    http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/300.html
    pacific poker
    [URL=”http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/300.html”]pacific poker[/URL]
    cialis
    http://kryten.murdoch.edu.au/HyperNews/get/forums/thal/297.html
    cialis

    As with any exploit, the spammers used a flaw in the webpage to post the data on victims’ webpages.  The sad thing is that it can happen to anyone.  Security Awareness is really the only defense one can have.

    I have been getting a lot.  I’ll update this when I get some good ones.

  • Who is ludochekmy? Date spammer

    Apparently, she is a lonely single woman who speaks English as a second language.

    I googled “ludochek” and found this:

    YOU SEARCH WOMAN? I’m single woman and i search man my mail: ludochekmy()gmail.com
    I’m blond, 32y.old. If you search woman for pen pal and more write to me and i can send
    to you my new pics and tell more about myself.
    I use () instead @ for my email.
    I post this message from this forum because i don’t have credit card and can’t use dating site.
    If you want find a friend please write to me i am very lonely girl.
    I wait your message to my email: ludochekmy()gmail.com but you must use @ Ludmila.

    I wonder if date spamming works.  I’ll do some research on this.

  • Defcon 14 was great!

    There was a lot of great stuff at Defcon 14.  

    The last Defcon that I went to was Defcon 11 in 2003.  Defcon 14 has grown quite a bit since then.  According to DarkTangent it was about 7000 strong.  The great thing was the venue.  Defcon 11 was at Alexis Park.  This one was at the Riviera hotel.

    Many of the rooms at Alexis Park had no A/C.  The worst thing was that many of the rooms would get packed and have to turn people away.  At times it seemed that this might cause a riot!

    As far as I know, only one room got too packed this time: it was “Googling: I’m Feeling (un)Lucky” by Greg Conti.

    I have a lot of favorites but what stands out for me was “Beyond Social Engineering: Tools for Reinventing Yourself” by Richard Thieme.  He had interesting ideas about the importance of integrating spirituality into your life to balance the different personality profiles and life changes that happen more and more in a world of fast moving technology.  He discussed modifying your persona with reference to your “meta-self”, or hacking yourself.  Very interesting and insightful.

    I loved all the briefings on privacy and the legal battles against the government and AT&T.  I will definitely be getting involved.

    Others that stand out are “The Making of atlas: Kiddie to Hacker in 5 Sleepless Nights” by atlas.  I thought it was a great introduction to REAL hacking, which is pretty damn hardcore.  Atlas and his team 1stPlace actually won Capture the Flag, the main event at Defcon.

    There was a S. Korean team there that got honorable mention, since they flew all the way around the world just to play the game.

  • PayPal email scams

    I get these PayPal email scams ALL the time. It is really just one of so many phishing scams that put up mock versions of legitimate financial services and institutions such as Wells Fargo, Western Union, Bank of America and others in order to trick some of their customers into giving up usernames, passwords and account information.

    Notice that the URL address bar goes to IP: 202.181.96.33

    This IP goes to somewhere in Australia and not PayPal. NEVER go to these mock sites and give your information. If you think something may be wrong with your account after receiving an email, make sure you open a NEW BROWSER and type the URL in yourself.

  • Complex Ransomware Outsmarting the Anti Virus Industry

    Heard about this tactic at the last ISSA-COS meeting:

    The first piece of ransomware to use a sophisticated encryption algorithm, Gpcode.ac, was detected in January 2006 and used the RSA algorithm to create a 56-bit key. Since then, the author of Gpcode has released several increasingly complex variants of the virus and in June released Gpcode.ag, which used a 660-bit key.

  • Gizmo Site Defaced by Anti Israeli Hackers

    Front Page shows: “eno7 ownz your box”
    “Lebanon-israel…STOP!”

    What is this? Hackers for peace? Hacktivism lives on.

  • Secure messenger to guard against totalitarian governments

    This looks very cool. With first world governments becoming more intrusive on their citizens, this seems like an interesting tool.

    “Hacktivismo, a division of Cult of the Dead Cow, unveiled their latest application, ScatterChat, this week at the sixth HOPE conference.

    ScatterChat is a secure instant messaging program which supports all major chat networks, second generation onion routing for anonymization, as well as end-to-end encryption for both chat and file transfers.”

  • The Internet Is Your Next Hard Drive

    “New Web-based services don’t just store your data online — they keep it synchronized across your laptop, desktop, and mobile phone.” — digg

    Every year I find myself dependent on more and more geographically separated systems and devices, so I totally agree with the article. My question is, won’t this eventually turn into a major privacy/security issue? For privacy, I imagine that governments around the world (particularly the more capitalistic, democratic ones) will find a way to data mine the data on Internet hosts. In the U.S., the law is already set up to make this happen (USA PATRIOT Act).
    Security is a no-brainer. Having massive centralized locations for data could expose personal data to disgruntled workers that have (had) access to those data silos.

    I imagine the best thing to do is maintain a small footprint and a low profile by keeping the data on your own Internet accessible servers. Of course the drawback is the time and possibly extra money it would take to do it right. Everything has a price.

  • Cisco to be under scrutiny again at Black Hat

    “Cisco Systems Inc.’s products will again come under scrutiny at this year’s Black Hat USA 2006 conference, which kicks off later this month in Las Vegas. Conference organizers say that 15 new exploits will be discussed at this year’s event and that two of them target NAC (Network Admission Control).”

    Now if Cisco had any understanding of the importance of transparency with the technical community in this age of free information, they would break this news themselves and have solutions and mitigations to fix it. Instead they are too worried about the bottom line (the shareholders) which will take a hit anyway once the media gets a hold of it.

    Mr. John Chambers, despite the security issues you’ve got great products, but get a clue about how to deal with these problems.

  • Security Forums Directory

    Easily locate forums and newsgroups related to security. Why isn’t elamb.org on there? Oh, well.
