« June 2006 | Main | August 2006 »
The guys over at T.W.A.T. put together a great episode on bluecasing. We've mentioned it in the past, and I wish we could have done this, but there are only so many hours in the day. Please it you are interested in the Bluetooth hacking, go check out Episode 124. They did a great job, and I'm all about supporting the others in teh community who know their stuff.
- L
Well, this guys is just a moron. He saves his "multi-million dollar screenplays" to his desktop. The DSL tech comes over and does the install, and decides to help out by cleaning up the desktop, and deletes said screenplays.
Backup, what's that?
Now, I agree the DSL guy is in the wrong. I'm also as guilty as the next guy about backing stuff up. However, I make damned sure I make multiple copies of my really important stuff. I maen, it really isn't that hard, or expensive - I just picked up three 500gig drives (yes, 1.5 terabytes) and external enclosures for under $500 USD.
Given the alleged value of the material, isn't a few bucks for a backup copy a good investment. Just think, today it was the DSL guy, but tomorrow or the day after it could be hardware failure, electrical surge, fire, intercontinental ballistic misslles. Isn't a few bucks that worth your piece of mind, and your livelyhood?
- L
If You Have Something Worth Millions, Shouldn't You Back It Up?
This may be an inelegant Google hack, but way to think out side of the box. Websense is using Google's binary search feature to isolate sites that contain malware code.
Now the benefit here is part of practicing in depth. With Websense doing this research, I'm sure that they are populating their web filtering product with additional sites in thier "Security Risk" category. As a result, Websense customers can prevent their users from ever gaining access to these bad sites in the first place - just one of many steps in the Defense in Depth process.
I like to think of this as: Don't want to get mugged? Don't go down the dark alley!
Websense can now provide additional fencing outside the dark alley for their customers. Cool.
- L
HP is rolling out a new service to perform penetration testing for it's customers. When did HP become a security company? I thought they made Desktops, servers and Printers.
I certainly hope they do a better job with this than they used to do with their PCs years ago (I was never a fan).
So, how does it work when they have to pentest one of their own, vulnerable printers? Isn't that called "conflict of interest"?
- L
I call shenanigans on this one.
Ok, so my new credit card has an RFID chip in it that I can use for small purchases by just waving the card. I'm sure the RFID chip in the card takes all available security measures from being skimmed, improperly read, etc. But here is my problem:
These are commodity devices! The RFID cards will be everywhere, so there will be plenty of research material there - heck, I have 3 from my local bank already. The readers are available too - they are already installed in a number of 7-Eleven stores, and it will just be a mater of time before they start showing up on Ebay (if they haven't already).
Research has already been released (some time ago) on how other existing RFID skimming techniques are to pull off with the previously available technology. It is just a matter of time...
Maybe there will be a new market for RFID proof wallets.
- L
I thought I'd post this story because some of the hackers are right in my own back yard. Looks like 5 youths (did I say utes?) got busted for breaking in to law enforcement systems in Florida and ultimately gained access to some LexisNexis systems.
It appears that they were able to grab some personal info on Laurence Fishburne, Demi Moore, The Governator and Paris Hilton, although they claimed that they did not use the information for any purpose, I'll gotten or not. I can see that - sometimes the satisfaction of knowing you have the power but not using it is enough for some people.
Now, I've got to ask, why is this information on interent accessible systems? Even if it wasn't and they had to use surreptitious means, keep this stuff off of your internet connected systems - that is the real lesson.
- L
Part one in a two part paper on cracking WEP, using Aircrack-ng under windows. Sure, this has been written up before, but this one gives some great background as to why WEP cracking works, and a down and dirty instructional. Perfect.
- L
