Google code search
Google now has a service that allows anyone to search open source repositories for vulnerable signatures. This is great.
I am an advocate of open source for these very reasons. The point of open source code is two fold: The removal of bureaucratic barriers, and the peer review of functionality for usefulness and security. It is a myth that open source threatens business models, since they are supposed to adapt anyway. Thirdly, digital rights empowers the pocketbooks of lawyers, not business people, and not certainly consumers.
Having given those bold and arguable statements, consider the following quote from the article referenced in the link below:
"Any new technology allows for a new attack vector," Long said. "The big question is whether the good guys will discover it first."
One of my best friends just told me he is opening a local pub in San Diego, called Hamiltons Tavern. (they don't even have a website yet, how great is that!!) How I would like to just sit back and shoot meaningless BS with my friends right about now.......
Google Code Search peers into programs' flaws
I am an advocate of open source for these very reasons. The point of open source code is two fold: The removal of bureaucratic barriers, and the peer review of functionality for usefulness and security. It is a myth that open source threatens business models, since they are supposed to adapt anyway. Thirdly, digital rights empowers the pocketbooks of lawyers, not business people, and not certainly consumers.
Having given those bold and arguable statements, consider the following quote from the article referenced in the link below:
"Any new technology allows for a new attack vector," Long said. "The big question is whether the good guys will discover it first."
One of my best friends just told me he is opening a local pub in San Diego, called Hamiltons Tavern. (they don't even have a website yet, how great is that!!) How I would like to just sit back and shoot meaningless BS with my friends right about now.......
Google Code Search peers into programs' flaws
Collect files from a USB drive and have them emailed
Called a "USB Hacksaw" this article describes how to create a USB drive that will infect a machine with code that will archive and email the attacker with the files on every other USB drive inserted afterwards. If that sentence was hard to follow, just check out the article; and go find an encryption utility for your own USB drive immediately.
USB Hacksaw
USB Hacksaw
Addemdum to post on 09/23
In the earlier post I mentioned a virtual machine that would make it easy to setup an instrusion detection system.
This one is even better. You will probably want to register for an "oink code" at "http://snort.org" but you don't have to. The default settings will show you plenty enough.
The file comes as a VM. If you set it up as a single bridged network adapter, you can run it in the free vmware player and have complete intrusion detection for your local host.
Network Security Toolkit (NST) Virtual Machine
This one is even better. You will probably want to register for an "oink code" at "http://snort.org" but you don't have to. The default settings will show you plenty enough.
The file comes as a VM. If you set it up as a single bridged network adapter, you can run it in the free vmware player and have complete intrusion detection for your local host.
Network Security Toolkit (NST) Virtual Machine
Mountain America Credit Union -- NOT !!!
I have mentioned this SSLMiTM attack in several classes,
here is the link to the story:
"The New Face Of Phishing" From the Washington Post
here is the link to the story:
"The New Face Of Phishing" From the Washington Post
IE7 Toolbar Mayem
There have seen several articals on this topic. Every one of them funny. They remind me of my bachelor days when I had a freezer that needed defrosting and I procrastinated on doing so; I could only squeeze in one TV dinner due to all of the frost. This version of Internet Explorer reminded me of that freezer; only a few pixels left for brainfood.
IE7 in toolbar mayhem
IE7 in toolbar mayhem
Explanation of the "Web Attacker Toolkit"
The link below points to an article on the metasploit site that walks through some of the main components of the web attack toolkit sold for around $15 by a Russian website.
Do a quick google search for "Web Attack Toolkit" and you will find hundreds of articles discussing statistics about how prevalent the problem is, but perhaps for reasons of being responsible, these articles rarely give technical details.
When you read the metasploit article below, look for the links to browser test sites and try them out. In my experiences, Firefox and Opera come up fairly clean. IE on the other hand...ouch.
Internet Drive-By shootings
Do a quick google search for "Web Attack Toolkit" and you will find hundreds of articles discussing statistics about how prevalent the problem is, but perhaps for reasons of being responsible, these articles rarely give technical details.
When you read the metasploit article below, look for the links to browser test sites and try them out. In my experiences, Firefox and Opera come up fairly clean. IE on the other hand...ouch.
Internet Drive-By shootings
Something fun: 10 things to do with google earth
Not much to comment about on this link, but if you are a fan of Google earth or are wondering what it is; check it out.
http://www.googleearthhacks.com/ten-things-with-Google-Earth/summary.php
http://www.googleearthhacks.com/ten-things-with-Google-Earth/summary.php
Hacked by his own hosting provider
This is a cautionary tale about a customer being offered a 'free service' by an employee of his own hosting company that turned out to be a hack.
Bored employees can be dangerous; in order to impress their friends or themselves they resort to playing jokes on competitors or customers. Of course the employer ends up feeling the damage along with the customer. The employee who engages in this behaviour gets off the easiest. They just get fired and because of our broken hiring system they may even get a raise at the next job!
Hacked by my host! Be Careful!
Bored employees can be dangerous; in order to impress their friends or themselves they resort to playing jokes on competitors or customers. Of course the employer ends up feeling the damage along with the customer. The employee who engages in this behaviour gets off the easiest. They just get fired and because of our broken hiring system they may even get a raise at the next job!
Hacked by my host! Be Careful!
Forensic tools and presentations
Found these links and recording them here for quick reference:
Wiki list of forensic tools
DFWS Presentations
Wiki list of forensic tools
DFWS Presentations
