For some of the long time readers, you might remember we’ve been covering the case of the UK Hacker Gary McKinnon for quite some time. The last post was about a year ago though in August 2007 when he Won Right to Lords Appeal Extradition Hearing.
The first post on the case was over 2 years [...]

Everybody has a favorite shell; not so many under Windows as there are under Linux, but anyway…
As most will tell you there favorite shell under Linux would be bash, as under Windows not really having what to chose from they would say cmd.exe (ok, bash can be used under Windows via cygwin, if I remember [...]

It seems like security/pen-testing software can be quite lucrative - especially with the prices Core Security charge for their flagship tool Core Impact (Around $25,000 per seat?).
They have offices in two countries and are now looking to expand into new markets, anyway this is a bit of corporate security news for a change. They have [...]

Ah I think it’s time for controversy on a Tuesday, what do you think about this case where a hacker got some info on a company about it’s soon to be plummeting share prices by breaking into their computer. By investing $41,000 in stock potion trading on the shares that were about to drop - [...]

Ok more controversy for you guys, and once again it’s the UK leading a new initiative. This time it’s not against making hacking tools illegal, it’s against people downloading ‘pirated’ content from the Internet (using torrent sites etc.).
I do hope they can differentiate using torrents to download open source software or creative commons music and [...]

This is sad news, it seems UK is considering following the lead of the Germans and their recently implemented hacking law 202(c) regarding the making of ‘hacking tools‘ illegal.
It’s almost like making baseball bats illegal because you can hit someone with it, doesn’t matter its made for playing sport and that’s what most people use [...]

GFI has recently conducted a survey concering corporate security in the US for small and medium sized enterprizes (SMEs).
Despite the best efforts of many small and medium sized companies, a recent US survey shows that four in 10 companies believe that their networks are not secure. Thirty-two percent of the companies also reported that they [...]

Storm is back in the festive season spreading some xmas and new year love. They even have a new year greeting site ready for spreading New Year related Storm Worm variants.
Social Engineering again, people are always more susceptible during holidays, I guess they are happy and less paranoid.

The Storm Worm gang are spreading seasonal ill-will. [...]

It seems like malware numbers are going up, rather than down as I would expect. But then if you think about it as a numbers game, the more people that come online - the more in absolute terms that are going to have nefarious intent. This means more hackers, more script kiddies and more malware.
It’s [...]

It seems India are getting serious about terrorist activities being co-ordinated via the Internet, they are starting to run extremely deep surveillance on many cyber-cafes in Mumbai.
The solution appears to be some kind of ‘legal’ trojan system that will collect logs and send them to the police.

The Mumbai police will soon have khabris deployed (not [...]

This is a cool tool I found recently amongst all the flame wars in the security mailing lists, someone developed this tool to profile the semantics of text.
Basically you pump in a load of e-mails from a known source, then compare it to the anonymous socks and see what probability it is that they are [...]

Gentoo Pulls the Plug after Getting Pwned
Gentoo pulled quite a few of it’s servers recently following the discovery of a fairly severe flaw in it’s systems.
Just to show that Linux systems aren’t invulnerable and immune to all security issues.
Ubuntu suffered quite heavily recently too, so don’t assume just because you use Linux you’re safe.

[...]

More hacker humour - this is a good one!
—
So I’ve been a professor at this ‘little school’ for a while now. I love my job. My classes contain students from all age groups. I have a few 17 year old high schoolers that are here because they are bored during the summer. I have a [...]

Seen as though we get a lot of searches for PSP firmware updates and information about homebrew, I thought I’d post about this which popped up a few months ago.
In what undoubtedly will be remembered as a historic and life-changing event for PSP enthusiasts everywhere, a group of coders (Noobz and [...]

As we followed the Gary McKinnon case quite closely whilst it was happening, here’s the latest update.
At least he seems to be getting a break in the case as he’s won the right to have his extradition case heard by the House of Lords.

Gary McKinnon, the ex-systems administrator accused of conducting the biggest military hack [...]

Not just attempts, but 844 successful intrusions over the past two years, quite a scary statistic no?
They are actually having a subcommittee hearing entitled “Hacking the Homeland”.
This includes all kinds of intrusions including web site hacks, viruses, worms and other kinds of intrusion.

DHS and its constituent agencies have suffered more than 800 serious computer security [...]

Judging by figures alone, Vista is more secure than Mac OSX and Linux? I somehow find this a rather strange claim, I guess these things are always subjective.
Most numbers can be moulded into any shape you want, and can show any result you like.

According to the numbers given in a new report from Microsoft, Windows [...]

Since Ubuntu is getting so fantastically popular nowadays I thought this might be useful to some of you.
I personally think Ubuntu is great, the features, ease of installation, stability and especially the work they have done on things like wireless drivers make it a breeze to get up and running.
It is a pretty secure distro [...]

It not surprising SQL Injection and database hacking are getting more frequent as people ramp up perimeter security more often than not they forget about interior security, software application security and most of all database security.

Of the 2007 total corporate IT budget, respondents said they have allocated 34 percent for database infrastructure and 20.6 percent [...]

Finally a new Phrack! Phrack 64 has been released a while back at the end of May, and it’s been quite a wait.
At the beginning in 1985, Phrack started as an anarchy magazine. You can learn from the first issues how to create your own bomb or how to seriously take advantage of the world [...]

I was thinking that the darknet authors should create videos when they write about different tools… It should be fun to see presentations… and also would bring darknet more hits…
I made a video for my previous article, and uploaded it to youtube: stealth techniques - syn

…for better quality download it: here
Is any author on darknet [...]

Another to add to your list and your RSS feedreader, Google Online Security Blog.

Online security is an important topic for Google, our users, and anyone who uses the Internet. The related issues are complex and dynamic and we’ve been looking for a way to foster discussion on the topic and keep users informed. Thus, we’ve [...]

I’ve heard this ‘rumour’ plenty of times, I always suspected it was true and Adobe have said similar things about their software.
If you are going to pirate, Microsoft wants you to pirate their software as when you go legit you are already locked in to their proprietary system.
All the more grounds for OSS if you [...]

Well at least it shows the Internet is not very susceptible to such attacks due to its distributed nature, even if the root nameservers are down, the DNS system still functions.
This was a pretty heavy attack though and the most significant in the past 5 years or so, someone testing their ego I guess.
I CAN [...]

Backup Platinum is an Windows platform backup program to make another copy of your important stuff so if your PC burns/gets pwned/crashes etc you won’t lose everything.
It supports backup by Hard or USB drives, CD-R/W or DVD±R/RW media, FTP server or Local Area Network (LAN).
It’s easy enough to download and install, you can grab it [...]

It’s a scary thought to find out perhaps a quarter of Internet connected machines could be zombies…The sad part is, I think it could well be true, as most of the non tech savvy Internet users I know still use Internet Exploder and their machines are riddled with crapware, trojans, viruses and spyware.
Imagine how many [...]

It’s good to have a variety of Operating Systems in your hacking lab at home, it helps you get familiar with them..as to break things, you have to know how they work first.
So get to know Solaris, they have some pretty neat security related software inside their OS and generally are pretty good when it [...]

As always, spam filters get better and smarter, but so do spammers..and frankly spammers have more to gain by beating the spam filters so they always work harder and think in more innovative ways.
As they get their spam resembling real emails more and more, the spam filters become less accurate.
On top of that they start [...]

Towards the end of last year Cafepress.com came under heavy DDoS attack (Distributed Denial of Service) which took it down for some time.
The problem with DDoS attacks is there’s not much you can do to prevent it, if that guy has enough zombies resulting in enough bandwidth, you are going down.
DDoS attacks have gotten pretty [...]

This is sad news as PHP hasn’t particularly had a good security record in the past.
He has voiced his frustrations with the internal workings of the PHP team and the development process, he has been working hard to make PHP inherently more secure…But from the look of things it seems like he was having a [...]

It seems like it’s getting really serious in the Gary McKinnon case, he’s facing what looks like his last appeal against the US anti-terror law case against him for hacking some NASA systems by guessing the weak passwords.
Not like he’s really a terrorist, or did any damage…he did something very stupid though, bruised the ego [...]

It seems common in most things, and it’s the same in infosec and especially malware, phishing and spam.
The majority of malware, phishing attacks and spam mails are coming from the same few sources, I’d say it’s a case of 80/20.
20% of the people are sending 80% of the messages, one of the big groups is [...]

Criminals are not stupid, cyber criminals are the same breed, perhaps even smarter than the traditionalists as they are utilising new ways of doing the same old tricks online.
Now the online criminals are recruiting fresh grads to help them push the boundaries further.

Organised crime is “grooming” a new generation of would-be cybercriminals using tactics which [...]

Ah finally a decent 0-day exploit tracker, one that isn’t underground and could be fairly useful to everyone.
0-day as basically stated in the article is an exploit not known publicly or available publicly well before any patches are available, some private groups often have exploits for a year or more before someone else discovers them, [...]

Hackers are switching targets now, companies are getting too hard to break into due to the availability of decently configured perimeter kit like firewalls and IDS.
Plus the information they do get if they manage to break in is often worthless commercially and really not worth the effort.
So instead, they target the end user, home bankers, [...]

No surprise really? Microsoft and they monopoly strategies, anti-competitive behaviour, nothing new really is it?

Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate.
The fight is over the display of technology that helps Vista owners manage the security tools on their PC. Symantec, McAfee, Check Point Software Technologies and [...]

It has happened quite a few times lately, politically tight situations, mistakes, data or information leaks and whoops damn…er…let’s blame it on hackers!
Case 1:

California Highway Patrol officials have opened a criminal investigation into “multiple” breaches and illegal downloads by outside hackers into the computers of Gov. Arnold Schwarzenegger’s office, after an embarrassing private taped conversation [...]

Looks like Mozilla is toughening it’s stance on security, people have been putting it down lately, especially those from the Microsoft camp as there have been a few flaws.
But well, it’s still not part of the operating system, the flaws are generally fixed within a couple of days and the patching system is simple and [...]

Not sure if any of you heard of this new super secure ultra cool web browser called Browzar?
There was a bit of a backlash as it turned out Browzar was just another custom wrapper for Internet Exploder.
Security experts are crying foul over a new supposedly secure browser application.
Browzar is promoted as an easy way for [...]

This is a little scary, intensely personal ads which to be frank are getting a little invasive as it is..It’s like the part in minority report where the billboards scan your eyes and talk to you using your name and history of purchases.
It looks like it might be happening sooner than we think.

The first thing [...]

Ah China, always been famous for repressing their population, now there repression is moving onto the Internet and using digital means..
Just like the so called ‘Great Firewall of China’, I’ve been meaning to do an article about that for quite some time, I have something drafted.
Anyway the latest thing China has done has made it [...]

Ah the anti-trust battle continues, good to see someone with technical skills involved, I wonder how the case is coming along, I haven’t heard about it for a while.
Again this is quite an old story.

As an expert witness on digital crime, British computer consultant Neil Barrett has helped prosecutors in the United Kingdom convict murderers [...]

Ethical debates are always interesting, and people have gotten in trouble lately for reverse engineering and various other branches of research.
This is a fairly old topic, but as I’m clearing out some old drafts, I still find it an interesting one.
There’s been an ongoing debate in security circles concerning how security researchers should disclose vulnerabilities [...]

Can you believe this the provincial government in British Columbia has managed to auction off a set of data tapes containing people’s social insurance numbers, dates of birth and medical records among other information.

The provincial government has auctioned off computer tapes containing thousands of highly sensitive records, including information about people’s medical conditions, their social [...]

It seems people are turning some attention towards the security of Open Office finally, I for one say this is a good thing as it means it’s making inroads, it’s becoming popular, it’s getting to be a contender.
If people are seriously considering the security implications of using Open Office it means they are actually really [...]

Splogs are becoming a huge problem, half the stuff you search for nowadays returns a splog, mostly auto syndicated content.
I find a lot of my own entries on there, surrounded by Adsense ads.
New age scrapers I guess.

Technorati returns a lot of results from splogs too, but at least they have made some efforts to clean [...]

Scammers are getting more inventive and so it seems more technically advanced. They have actually duplicated the Interpol site to dupe people.

419 advanced fee scammers have created an exact copy of the Interpol website, which is expected to be used to dupe victims into believing they are dealing with the real International Criminal Police Organisation.
A [...]

Just to let you all know, if you are using Wordpress you can upgrade today.
The latest stable release of WordPress (Version 2.0.4) is available.
his release contains several important security fixes, so it’s highly recommended for all users. We’ve also rolled in a number of bug fixes (over 50!), so it’s a pretty solid release across [...]

It turns out yesterday one of the planned speakers at HOPE Number 6 was arrested on Saturday and is being charged by the FBI.
Security Fix obtained a copy of the complaint against “Steven Rambam” the private investigator arrested Saturday at the Hope Number Six hacker conference in New York City. The government document says Rambam [...]

Symantec has made a research and affirming to there research Windows Vista will be more insecure than Windows XP, because most of the new code is fresh, and the old code isn’t used anymore…

Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner [...]

CAPTCHA, acronym for “completely automated public Turing test to tell computers and humans apart” is used, most of the times at least, as an authentication mechanism. Not to prove your identity, but to do a much simpler job than that; to prove your a human.
With the bad guys always a step ahead (which is cool [...]

Now this is a scary though, with the digitisation of the old analogue power stations and the accidental cross-over of networks (as we’ve seen before) people could soon be hacking nuclear power station control systems..

he nuclear power industry is going digital — replacing mechanical systems with more efficient, networked computer-controls.
If that makes you nervous in [...]

An interesting speculative post on the forensics techniques that would most likely be used by the FBI during the investigation of the recovered Veteran’s Adminsitration laptop.
Most of them are pretty straight forwards if you have any kind of experience with digital forensics and data recovery (disaster recovery, incident response etc.)

As a former Computer Forensic Specialist, [...]

Ah, so finally they got it back, from a street corner of all places.
Let’s hope they shall be a little more careful in the future yah?

The missing laptop and hard drive that contained veterans’ personal information has been found, Veterans Administration Chief Jim Nicholson announced Thursday.
The announcement came at the beginning of a hearing [...]

Forgot to post this earlier. I received this email from SANS Institute sometime in April. They seem to be having two of their training sessions in singapore in August. Those who live in Asia or anywhere near the region and are interested can look it up. SANS Institute has one of [...]

Another HUGE information leak from the US government, seems they can’t help themselves.
Or perhaps people are just ramping up the efforts against them..

The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian website.
The Navy said Friday the information was [...]

Well I would say this was true for office workers everywhere, not particularly just Brits.
But well the British are an inquisitive nation, so this doesn’t suprise me at all.

Nearly a quarter (22 per cent) of UK employees admit to having illegally accessed sensitive data such as salary details from their firms employer’s IT systems. More [...]

Irrepressible Adj. 1) Impossible to repress or control.
Chat rooms monitored. Blogs deleted. Websites blocked. Search engines restricted. People imprisoned for simply posting and sharing information.

The Internet is a new frontier in the struggle for human rights. Governments – with the help of some of the biggest IT companies in the world – are cracking down [...]

MySpace owned again..let’s quote them for a penetration test or vulnerability assessment haha.

TWO New York teenagers are reportedly in police custody after allegedly threatening to give out the personal information of users of MySpace.com unless they are paid $US150,000 ($200,000). Associated Press reported Shaun Harrison, 18, and Saverio Mondelli, 19, of Suffolk County, face computer [...]

I’ve seen similar figures from other organisations and countries, so the stats don’t suprise me.
My peers and I have always called this Armadillo security, hard on the outside, soft on the inside.
Firewall, IDS, etc…all protecting the exterior of the network, only edge devices, nothing inside, not much policies, not much privelege segregation, anyone inside can [...]

Interesting to see this just a little while after Malaysia announced IMPACT, it’s anti cyber-terrorist task force..
IMPACT is its name, and making an impact in the battle against cyber-terrorism is its mission. Unveiled in Austin, Texas, the Malaysian initiative seeks to bring together governments and the international private sector to deal with increasing threats in [...]

A year? A whole year? A few days I can take, but surely if an Admin doesn’t know what’s going with his machines for a year….compromised for a year, there is something wrong.

An unprecedented string of electronic intrusions has prompted Ohio University to place at least one technician on paid administrative leave and begin [...]

There’s an interesting audio file about the next 50 years of computer security, it’s from a talk Alan Coxa a fellow at Red Hat Linux gave recently at the European OSCON.

It talks about the implementations of modularity, trusted computing hardware (we are already seing this in part, hardware anti-virus implementations and DRM to be built [...]

It is a little over the top, this guy used over the counter kiddy tool and ‘hacked’ into systems because of blank passwords.
Not rocket science, and apparently the machines he had access to were air-gapped, or segregated from the networks containing sensitive information, so the charges are greatly trumped up and are NOT relative to [...]

Switchback? For the worst? Aww Microsoft would never compromise our security for the sake of convenience or their profit line right?

Microsoft has shelved plans to include native support for RSA’s SecurID tokens in Windows Vista, even though the company has been trialling the technology for almost two years.
In February 2004, Microsoft chairman Bill Gates announced [...]

It turns out Gary McKinnon got sloppy, that’s why he got busted. He forgot the computers he was comprimising were in a completely different time zone, and as he was using remote control software, the person in the office saw their mouse moving around. We have reported about this guy before, when he was fearing [...]

I have always said no matter what it be, you need to start ‘em young!
Same for open source, don’t lock kid into Microsoft operating systems in the schools, give dual boot machines, let them use Ubuntu or Debian or something else. Let them explore free software, let the smart ones see the source, fix the [...]

A competitor for our buddy Google Desktop perhaps?
ORACLE, the world’s third- biggest software maker, has begun selling software that allows users to search only personal data on their work computers such as email, word documents and calendar appointments.
Chief executive Larry Ellison says the California company’s new search program “is one of the biggest products in [...]

Well I would have thought these guys should have had a little better security..
The Department of Homeland Security received an F (Failing) grade in cybersecurity from the House Government Reform Committee for the third year in a row. The Committee will likely give the Fed a D+ overall for its cybersecurity efforts. The grades will [...]

China are moving further away from the rest of the world when it comes to the Internet, taking control, making sure information doesn’t get out and making sure other people don’t have access to anything behind the Great Firewall of China.
China’s Ministry of Information Industry (MII) has made adjustment to China’s Internet domain name system [...]

The main thing is the massive kernel overhaul, it’s actually adding some decent functionality and refining the architecture to become more like Linux!
While the kernel in Vista is still primarily the same one as in Windows 2000 and XP, there have been some significant changes to tighten up security. Fewer parts of the OS [...]

Is it ethical or even legal to charge for other peoples work?
As far as I know France seems have some pretty strong (and weird) copyright laws.

And yes, they are blaming French Laws prohibiting full disclosure.
In conformity with applicable French laws prohibiting Full-disclosure, the FrSIRT will no longer distribute exploits and PoCs on its public [...]

This could be the end of reverse engineering in France sadly, I hope it doesn’t have repucussions in other parts of the world.
I think it’s the end of using reverse engineering tools to find flaws in France. Maybe the next step will be to forbid the possession of debuggers and disassemblers.

It’s a valid course of [...]

Types of activities that will become illegal under the proposed laws include making or supplying “hacking tools”- computer programmes or code that can help crack passwords or bypass security systems - and will be punishable by up to two years in prison.
Isn’t this legitimate action for any security enthusiast, hobbiest or professional involved in penetration [...]

Amazing, now ripping YOUR OWN CD’s to use on YOUR iPod is not fair use according to the new DMCA rulings currently being created.
As part of the on-going DMCA rule-making proceedings, the RIAA and other copyright industry associations submitted a filing that included this gem as part of their argument that space-shifting and format-shifting do [...]

The RIAA’s latest tactic, is to reveal to Santangelo and her new lawyer that they’ve been investigating her children, and have been able to collect a lot of non-public information. The RIAA will probably claim that the info is related to the case, but it certainly