So the latest news with the Gary McKinnon case that was he was trying to fight against Extradition, he started off with Appeals against US Extradition, then he Won The Right to Lords Appeal Extradition Hearing and then he lost the Lords case then went for the European Court.
Sadly it seems he lost his appeal [...]

Another one bites the dust, this time for spying on a teenage girl via webcam. 4 years is a reasonable sentence this time I think as the case borders on many offenses such as blackmail, indecent behaviour, infringement of privacy, unlawful access and probably a few more.
It was a pretty simple hack as it goes, [...]

In the story we recently covered where Terry Childs had locked San Fransisco officials out of their own network, there is a new development.
He’s handed over the passcode to the Mayor, Gavin Newsom. It seems he came to his senses and he also seems to have VERY little faith in the IT administration for the [...]

It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy.
A small slip in coding could cause much worse problems that this, plus this could have happened before but no one picked up on it. It takes a certain [...]

Pantera is actually using an improved version of SPIKE Proxy and is a project under the umbrella of OWASP.
It’s aiming to be a more automated method for testing Web Application Security.

Features

User-friendly custom web GUI. (CSS): Pantera itself is a web application that runs inside the browser and can be customized using CSS by the user. [...]

If you don’t know, BackTrack is a top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.
Back in January we mentioned the BackTrack Live Hacking CD BETA 3 was released, at last the final version is [...]

It just goes to show, however smart you think you are…don’t bother trying to wreck someones data. In this case, even if the guy was pissed it was highly responsible as it involved medical records and could actually seriously effect someones life.
He was pretty careful but left a few clues behind, more than enough for [...]

Now this isn’t a new tool, and it’s not quite up to date as the author hasn’t updated it for a while - but it’s still exceedingly cool!
As you know most IP addresses are registered to companies or organizations in blocks, so you can identify which network an edit is coming from as Wikipedia logs [...]

Another big heist in the US netting a whole lot of juicy information on credit and debit cards, over half a million USD lost in this case alone. There’s a whole lot of fraud going on..
Not bad for fiddling with the cash register system of a restaurant chain. It just shows, anyone dealing with finanical [...]

Most of todays tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks.

Client-based attacks, especially targeting web clients, are becoming more and more popular. Browser-targeted [...]

So a new initiative - the Open Source Computer Emergency Response Team known as oCERT has been set up one of the main sponsors being Google (read more here - Contributing to Open Source Software Security).

The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or [...]

Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit [...]

It seems like Microsoft are starting to get serious about security, in a very progressive move they have said they are ok with ethical hackers finding security flaws in their online services.
It’s been fairly ok so far to hack away at software installed on your own hardware, but hitting remotely hosted applications has been a [...]

This is pretty interesting - US, UK, Canada, Australia and New Zealand are taking part in a fictitious cyberwar as an exercise to prepare and plan for sustained cyber attacks including some of which have actually caused power outages.
I personally think it’s a great idea, I must have missed Cyber Storm I as this is [...]

NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.
NetworkMiner makes use of OS fingerprinting databases from both p0f (by Michal Zalewski) and [...]

Another tale to do with advertising, it just goes to show it’s really not a good idea to run JavaScript from a 3rd party source on your site, especially if you don’t want your visitors redirected to a porn site!
This is just what happened to Perl.com a few days ago.

Visitors to Perl.com, the O’Reilly Media-owned [...]

Ah I remember some of the nastiest viruses back in the day attaching themselves in the MBR (Master Boot Record) rendering most anti-virus software useless (as it sits on top of the OS).
Now it seems MBR infection is back in fashion for a new age of rootkits.

Security mavens have uncovered a new class of attacks [...]

It’s that time of the year, our annual christmas present - the Sans Top 20 Vulnerabilities for 2007.
The SANS Top 2007 list is not “cumulative.” We include only critical vulnerabilities from the past year or so. If you have not patched your systems for long time, it would be wise to patch the vulnerabilities listed [...]

Apple has admitted that is has at LEAST three serious design weaknesses in it’s new application based firewall being rolled out with Mac OS X ‘Leopard’.
It comes (somewhat oddly) only 24 hours after a Mac OS X security update that fixed 41 OS X and Safari security vulnerabilities.
Previously independent researchers proved that Apple’s claim that [...]

As mentioned in the previous FireCAT 1.1 post, FireCAT 1.2 was released last month.
If you aren’t aware, FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions.

Changes for FireCAT 1.2

Renamed subcategory “Social Engineering” to “Data mining”
Bibirmer updated location (thanks to Zagrodzki Krzysztof from Telekomunikacja Polska)
Enhanced History Manager (to new subcategory Misc [...]

This has been floating around for a while and you might have noticed a warning on some German based security sites that they’ve had to move their tools due to this new legislation known as 202(c) - a couple of examples are KisMAC and Phenoelit.
Basically the new law prohibits manufacturing, programming, installing, or spreading software [...]

This case has been going on for a while but obviously hush hush, being that it is the largest breach of customer data in U.S. History. The details of the case have only started emerging in the last couple of months.
Information Week published a good article covering what has been going on recently.
Amazing the amount [...]

Seen as though we get a lot of searches for PSP firmware updates and information about homebrew, I thought I’d post about this which popped up a few months ago.
In what undoubtedly will be remembered as a historic and life-changing event for PSP enthusiasts everywhere, a group of coders (Noobz and [...]

After the recent fiasco about the Pentagon being Hacked by Chinese Military another few governments have piped up with information about cyber surveillance by China.
The latest is France.
It seems like right now china has it’s fingers in many pies.

France has become the fourth country to speak out against hackers in China [...]

There has been some debate on Darknet about this kit and it’s use, obviously it’s a kit for beginners but it is useful. Advanced chaps like you and me (you guys know who you are) most likely have the requisite tools and knowledge to build/find/etc whatever we need to get the job done.
That’s partially what [...]

Inspired by EtherPEG, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.

EtherPEG was a program that sniffed for JPEGs passing by on the AirPort networks at MacHack, and showed them on the huge screen [...]

The details are still a bit shaky, but this news has been making the rounds.
Apparently the the hack attack in June on the Pentagon may have been carried out by the Chinese Military (People’s Liberation Army).

One senior US official said the Pentagon had pinpointed the exact origins of the attack. Another person familiar with the [...]

A while back Microsoft UK got hacked by some Saudi Hackers, Microsoft is always one of the top targets for renegades and ‘cyber-terrorists’ as the high profile nature of the company can give some publicity to their causes.
This was less than a month after Technet got owned.
I don’t think they are ever going to lay [...]

FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions. It can be used to turn your favorite browser (Firefox) into a powerful security framework.

FireCAT comes from “Firefox Catalog of Auditing Toolbox”
Changes for FireCAT 1.1
+ Category Network Utililies
- Added ffsniff to subcat “Sniffers”
- Added CrossFTP to subcat FTP (thanks to Benjamin [...]

KGB Keylogger from Refog Software is a decent light weight Key Logger.
KGB Keylogger is a multi-functional keyboard tracking software that is widely used by both regular users and IT security specialists for tracking the key strokes typed on a given machine.

KGB Keylogger Features at a Glance

Stealth mode and visible mode of work;
Logs keyboard input, including [...]

Teredo is a platform-independent protocol developed by Microsoft, which is enabled by default in Windows Vista. Teredo provides a way for nodes located behind an IPv4 NAT to connect to IPv6 nodes on the Internet. However, by tunneling IPv6 traffic over IPv4 UDP through the NAT and directly to the end node, Teredo raises some [...]

Elcomsoft is quite a well known firm when it comes to password ‘recovery’, I have used their products in the past when I was in a fix and I needed a password that had been, you know…lost.
They rose to fame in 2001 after cracking Adobe’s eBook format.
Recently they announced a fairly serious backdoor in Quicken [...]

Seems like a social engineering type attack again relying on human ignorance and stupidity. Based around some kind of malware reporting back to a central repository.
Remember kids if a deal is too good to be true…it isn’t.

Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings [...]

Some light entertainment for once.
You all leet.
The government better watch out, RAMZI IS IN THE HIZZOUSE.

I thanksyou all.
Phew.

The Pentagon got owned pretty hard with 1,500 accounts being taken offline due to a hack attack. For once however they did admit the incident and didn’t try to cover it over or brush it off.
I guess the amount of attacks they get is exponentially more than other networks…but still, I would have thought they [...]

This is some pretty interesting news, rather than trying to cover things up like normal during July the Philippine government will be soliciting hackers to test the security of their Internet voting system.
I think it’s a great initiative from the International Foundation for Electoral System.

Local and foreign computer hackers will be tapped to try and [...]

An interesting snippet from last month, AOL seems to have a strangely configued password system.
Users can enter up to 16 characters as a password, but the system only reads the first 8 and discards the rest. They are basically truncating the password at 8 characters.

A reader wrote in Friday with an interesting observation: When he [...]

Ah, FBI slammed again, it’s not the first time this has happened.
Remember when a Consultant Breached FBI’s Computers?
It also reminds me of when Homeland Security Scored an F for Internal Security AGAIN.

The Government Accountability Office, the federal government’s watchdog agency, Thursday released a report critical of the FBI’s internal network, asserting it lacks security controls [...]

Or half-open scanning technique is the first of three to come series about stealth scanning… The other two are Xmas/Fin/Null and idle/zombie scan techniques…
Intro
This is a series of three to come articles about stealth scanning, everything that I am going to present is hping oriented so if you want to learn this techniques you’d better [...]

Basically Ubuntu Ultimate Edition is Ubuntu Edgy Eft with a whole lot of software pre-added.
Sadly the author had to removed Java, Flash and Acrobat reader due to licensing agreements. But don’t worry as there is a custom repository in the release which includes all of these and much more.

SMP Support (dual core CPUS) / works [...]

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. It can be distributed only in the form of the original non-modified PDF document.
ISSUE 1.10 (February 2007) - DOWNLOAD

Microsoft Windows Vista: significant security improvement?
Review: GFI Endpoint Security 3
Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
Top 10 [...]

A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it’s comes in at about half a million pounds or or $1.1 million USD.
Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided by [...]

It didn’t take them long! A while ago some smart chaps worked out the a way to extract the HD DVD and Blu-ray Disc “volume keys” to decrypt AACS DRM on individual films (This was about 2 months ago).
Now they have cracked the scheme behind it, the so called “processing key” used to decrypt the [...]

Some sneaky hacker got into the Wordpress download server and placed a backdoor in the latest available version (2.1.1).
Luckily within a day someone reported the exploit to the Wordpress team and they took the site down to investigate.

This morning we received a note to our security mailing address about unusual and highly exploitable code in [...]

Recently a fairly huge credit card breach occurred involving a large retail company called TJX, with more than 2,000 retail stores.
Some pretty well known brands there, I know I’ve used some of them…the sad part is they themselves still haven’t worked out the extent of the damage done to their information.
For me this has serious [...]

A paper about cracking SHA-1 originally surfaced in 2005, from a fairly reputable scientific source in China, it was widely publicised nor talked about much.
But then recently, just last month China managed to make a wave out of it, almost 2 years after the initial ‘report’.
It was even Slashdotted on January 20th 2007, the article [...]

This is a pretty cool new development, something straight out of a Tom Clancy thriller or a spy/hacker movie.
Introducing Spy Coins! People are actually being warned about picking up stray coins as they might have surveillance devices inside.

Can the coins jingling in your pocket trace your movements? The Defense Department is warning its American contractor [...]

Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs.
A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment.
So if [...]

I saw a pretty interesting article a few days attempting to reverse engineer the mosaic tool used often online to obscure sensitive or confidential information.
The article shows that the mosaic isn’t actually very random, and in a way you can brute force reverse engineer the mosaic to reveal the contents before they were obscured.
It’s ok [...]

A pretty cool song about RFID and RFID hacking from Monochrom.at.
Written and first performed at 23C3 (23rd Chaos Communication Congress) in December 2006 in Berlin as part of monochrom’s ‘Proto-Melodic Comment Squad’.

Users, there’s trouble ahead
I said users, it is totally sad
But users, the future lies in your hand
Cause it’s all about surveillance
Comrades, you don’t know [...]

The famous Phenoelit Default Password List has been updated, it’s been quite some time since an update.

http://www.phenoelit.de/dpl/dpl.html
This is a must have resource on your pen-drive and backed up offline somewhere for those important times when you need to know the login for a router/switch

Ah the old mythical tale of hacking your school to change your grades to straight A’s, well I know people do it, I’ve seen it in the past…but now someone has actually gotten caught for it.
And what’s more..he’s the senior class president!

Cooper City High School’s senior class president was arrested Tuesday and charged in [...]

Data recovery is an important subject and it’s definitely a good thing to have a positive understanding of data recovery and how it could effort you personally or your business.
So someone told me about this Data recovery article which is a decent original reference to data recovery which contains some good original information, links to [...]

MTR was written by Matt Kimball, with contributions by many people. Take a look at the “AUTHORS” file in the distribution. Roger Wolff took over maintenance of MTR in october 1998.
MTR combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single network diagnostic tool.

As MTR starts, it investigates the network connection between the [...]

When things like this happen it’s kinda of scary, like a while back when someone managed to get into a highly secure power station network through a stupid contractors laptop that was connected to the net via dialup and to the uber ’secure’ power station LAN.
An infected laptop PC gave hackers access to computer systems [...]

UK Police have uncovered a fairly massive data theft operation with a total close to 8,500 victims.
It’s quite worrying when things like this are uncovered as if 1 is uncovered or discovered…imagine how many aren’t found out about, just like exploits.

British electronic-crime detectives are investigating a massive data theft operation that stole sensitive information from [...]

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. It can be distributed only in the form of the original non-modified PDF document.
The 9th issue of (IN)SECURE magazine was recently released, in this issue you can find the following:

Effectiveness of security by admonition: a case study of [...]

Here is a newly released VA methodology, the author believes it to be more focused, and thus cost effective VA process. It may map to internal work, but it is probably more suited to external sites.
It’s gone through a couple of revisions so it’s a bit more polished now.
You can find the notes on the [...]

A dream come true, would I say… recently found this article on securityfocus, it’s awesome… all that you need (beside Firefox) is pointed out in the article, so go on, what are you waiting for…
http://www.securityfocus.com/infocus/1879

An interesting enough article, but if you work in infosec you could probably guess the topics anyway.
In a key step to help businesses better understand and protect themselves against the risks of fraud, Visa USA and the U.S. Chamber of Commerce announced the five leading causes of data breaches and offered immediate, specific prevention strategies [...]

It makes sense really, the paranoia that quickly infected every corner of the ‘Western’ world had to be cashed in on by somebody, tada! The security industry of course.

During the Cold War, Canada’s National Optics Institute developed a system to detect which type of enemy tank or fighter jet was approaching. After the Soviet Union’s [...]

Something a little off-topic for once, nerdcore is getting big!
Geek music is hitting the streets.

Gangsta is dead. Grime is a bore. There’s a new beat on the street and it’s called Nerdcore. This geeky hip hop subgenre, also dubbed CS rap (that’s computer science, yo!), is finally booting up with the release of Rhyme Torrents, [...]

A sterling case for two factor authentication if I ever saw one.
The rule is use two of the 3 methods of authentication, if possible use all 3.

What you have (A USB key or Token)
What you are (Biometrics - Fingerprint or Iris scan)
What you know (A password or passphrase)

More than 8 out of every 10 [...]

Ahah! More government cover-ups? This one was a while back too.
Digging on those archives right now yah.
A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department’s nuclear weapons agency, scary eh?
The US government security really does scare me sometimes, their internal departments have some of [...]

“pleez, pleez, PLEEZ teach me how to hack a Hotmail Account!!!”
-unidentified IRC user
From here on in you walk alone. Neither little_v OR Black Sun Research Facility AND its members will be responsible for what you do with the information presented here. Do not use this information to impress your “l33t0_b0rit0″ friends. Do not [...]

Ah another flaw in Myspace, this time it’s quite dangerous exposing the details of teenagers.

A security hole in the popular MySpace social networking site allowed users to view entries marked “private”, a crucial protection for users aged under 16, according to weekend reports.
Though the site is said to have fixed the problem, it was said [...]

Ah another huge hacking resulting in a large loss of confidential information, companies really need to start getting more pro-active about aggresively testing their corporate networks and web based applications.
Information including CREDIT CARD numbers sadly.

AT&T on Tuesday said hackers broke into one of its computer systems and accessed personal data on thousands of customers who [...]

I’ve been spending a lot of time online lately reading all kinds of stupid text files on how to “Takeover Ops Boi!!!”, “eLeEt WaYs To gEt OpS!!!”, “HOW TO GET OPS ON SERVER SPLITS”, etc. We all know none of these things work, at least not for me. They’re either written by morons, or they [...]

Recently one of the sites I am developing for my self was link spammed. Some unpleasant individual decided that it would be fun to post 160 “comments” spread over all the blog posts. All the comments contained was URL’s. Even more stupid they used BB tags, but as I wrote the site it doesn’t use [...]

Ah cyberwar, cyber terrorism, efforts are ramping up, more sites are going down.

The war in Lebanon is now showing its consequences in the digital world and a huge number of websites has been attacked and defaced as a protest against the invasion of Lebanon by Israel.
Today two NASA websites were attacked as well. The intrusion [...]

The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. The trojan installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks.

It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. The [...]

Israeli hackers have decided to ‘help’ and join the war against Palestine.
The hackers group that calls itself “IDF” (which also means Israeli Defence Force) has hacked dozens of sites, erased the site content and replaced it the index with a picture of the Lebanon destruction that is made by Israeli Defence Force as an answer [...]

Netscape.com has been hacked via a persistent Cross Site Scripting (XSS) vulnerability in their newly launched Digg-like news service.
It seems the attacker did report the flaw to them repeatedly but they didn’t heed and ignored it, so he performed the XSS all over the site.

eplawless stated the following:
It was me. I did it. C’est [...]

For those who haven’t noticed yet, today booster made a milestone in PSP history. Enabling firmware 2.71 emulation in DevHook 0.44.

Alot has been going on lately in the PSP scene and its great. With the release of the 2.5/.6 downgrader and full iso and game emulation in DevHook.
Download here. Credit goes to booster [...]

Using standard script kiddy tools a consultant managed to compromise some of the FBI’s computers containing confidential information.
Quite a hack eh?
A government consultant, using computer programs easily found on the Internet, managed to crack the FBI’s classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.
The [...]

Ticketcharge.com.my, a Malaysian website that sells event tickets online appears to have been hacked. Forgot to take a screenshot of it but this screenshot from google cache taken today can be seen below. This happened over the weekend or perhaps earlier.

Google cache here . This will be gone when google re-cache the [...]