LINUX
CYBERLAW
VIRTUALIZATION
Bugtraq
Packetstorm
FD
GrokLaw
RSS Feed
Netsec, comsec, infosec and IA news, research and trends
12.21.2012
2012: Looking back at the major hacks, leaks and data breaches from Jaren
12.14.2012
iOS Hardening Configuration Guide (AU DSD) from Tarik
12.13.2012
Facebook helps FBI smash global 11 million-strong botnet - from Jaren
12.09.2012
RSA Encryption Number Explained
12.07.2012
Killing the Computer to Save it. Reposted this excellent article posted by Muskrat as the original URL got borked.
Looking for a special XMAS / Hanukkah gift for a security-minded friend or relative? Look no more! from Brian
12.05.2012
Hak5 1216 – Android Hacking with the USB Rubber Ducky
11.29.2012
iPhone Forensics – Analysis of iOS 5 backups : Part 1
11.15.2012
"The convergence of biological and computer viruses" from Jaren
11.12.2012
Support Forums Reveal Soft Underbelly of Critical Infrastructure
"We hear a lot about vulnerabilities in industrial control system (ICS) software. In fact, that’s all we seem to hear about these days. The truth is: there’s a lot to write about. In just the last month, the Department of Homeland Security’s ICS-CERT warned its members about the ability of sophisticated – and even unskilled – attackers to use tools like the Shodan and ERIPP search engines to locate and attack vulnerable industrial control systems (PDF) that are accessible from the public Internet. In the meantime, every couple of weeks brings revelations about serious and remotely exploitable software holes. Most recently, ICS-CERT warned about a critical vulnerability EOScada (PDF), a Windows-based Energy Management System that is used to configure and manage intelligent electronic devices (IEDs) used in electrical, water, sewage and gas applications."
Found from Slashdot ( Support Forums Reveal SCADA Infections )
NASA DTN Protocol: Interplanetary Internet, How It Works, What LEGOS Have to To With It
NASA is calling it the interplanetary Internet, and announcements have been hitting in recent weeks regarding the sending of the first emails, voicemails and, of late, news of an experiment that involved remote controlling of a LEGO space robot with it. But what’s truly cool is the technology enabling it — it’s a protocol called Delay-Tolerant Networking, better known as DTN.
At its heart is Vint Cerf’s Bundle Protocol (BP), a version of the IP protocol he helped develop to pioneer the Internet decades ago.
The New Face of Energy Insecurity
The future of energy insecurity has arrived. In August, a devastating cyber attack rocked one of the world’s most powerful oil companies, Saudi Aramco, Riyadh’s state-owned giant, rendering thirty thousand of its computers useless. This was no garden-variety breach. In the eyes of U.S. defense secretary Leon Panetta, it was “probably the most destructive attack that the private sector has seen to date.”
From Slashdot ( The Cyber Threat To the Global Oil Supply )
11.11.2012
Yet another Adobe 0-day... "Security Firm Finds Zero-day Exploit Capable of Bypassing Adobe Reader Sandbox" from Gerald
11.07.2012
Killing the Computer to Save It
11.06.2012
Virtual machine used to steal crypto keys from other VM on same server
Piercing a key defense found in cloud environments such as Amazon's EC2 service, scientists have devised a virtual machine that can extract private cryptographic keys stored on a separate virtual machine when it resides on the same piece of hardware.
11.05.2012
Megaupload and The Government's Attack on Cloud Computing -
"the government's approach should terrify any user of cloud computer services--not to mention the providers. The government maintains that Mr. Goodwin lost his property rights in his data by storing it on a cloud computing service."
10.25.2012
CHAMP missile story
Boeing builds missile that can disable electronics via high power microwaves. During testing in the desert, it was able shutdown all computers in a two story building. It also disabled all the cameras filming the exercise.
10.23.2012
Increasing wireless network speed by 1000%, by replacing packets with algebra from Michael
U.S. Government Websites Abused in Ongoing Spam Campaign You have to wonder who's idea it was to offer a .gov URL shortener...
10.22.2012
How to Crack a Wi-Fi Network’s WPA Password with Reaver from Brian
10.19.2012
Applying Unix Philosophy to Personal Productivity
10.18.2012
Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World Zero-day attacks are meaner, more rampant than we ever thought
Pacemaker hack can deliver deadly 830-volt jolt from Jaren
10.16.2012
Newly IDed 'MiniFlame' malware targets individuals for attack from Brian
Textbook Publisher Pearson Takes Down 1.5 Million Teacher And Student Blogs With A Single DMCA Notice
10.13.2012
Texas schools punish students who refuse to be tracked with microchips from Sterling.
10.09.2012
U.S. Panel Cites Risks in Chinese Equipment There are Consequences for Getting Caught
10.04.2012
GhostShell university hack: By the numbers from Jaren
10.03.2012
From the Whiskey Tango Foxtrot Department: Former Copyright Boss: New Technology Should Be Presumed Illegal Until Congress Says Otherwise - via Sterling
Report: Counterfeit electronic parts multiplying at record rate from Sterling
10.02.2012
Adobe Digital Certificate Used to Sign Malware from Gerald
Java 0-day = "complete Java security sandbox bypass "
Universal RFID Key - from Brian
Analyzing the 2008 DFRWS Challenge with Volatility
9.26.2012
Widely used fingerprint reader exposes Windows passwords in seconds from Mike
9.25.2012
Air Force Drone Controllers Embrace Linux, But Why? from Darrell
9.20.2012
Pwn2Own lesson: Don't thumb nose at mobile security threats from Jaren
Kaspersky researcher cracks Flame malware password from Mike
9.18.2012
UFC Hackers Busted from Rodolfo
9.17.2012
Breach of security at 'Fort Knox' of uranium sets off alarms - from Rodolfo
Rethinking the process of hard-drive sanitizing from Glen
9.05.2012
Secret account in mission-critical router opens power plants to tampering from Mike
9.04.2012
Ruh-Roh! Not a good day to be an iPhone user.
9.03.2012
Hak5 Episode 1125 from Brian
8.11.2012
Trapwire "government has created a piece of technology, called TrapWire, that siphons data from surveillance cameras in stores, casinos, and other businesses around the country. Apparently agents can use facial recognition software to analyze this footage for, well, people of interest."
8.07.2012
When common hacks happen to Senior Writers at WIRED...
8.02.2012
IBM and Halliburton attempting to patent patent trolling.
7.27.2012
Iran nuclear facilities 'Thunderstruck' by AC/DC malware
7.26.2012
Immunity Swarm Exploitation Platform - Scan 1 Million+ IPs Per Hour
7.23.2012
NetSec turns 10 on Saturday, July 28th
Power PWN - A GSM enabled, 802.11, 802.15, 802.3 penetration platform.
7.22.2012
The Secret Online Weapons Store That’ll Sell Anyone Anything The Armory began as an offshoot of The Silk Road... It's virtually impossible to trace, and entirely anonymous.To get to The Armory you need [Tor]...TOR routes and reroutes your connection to the Internet through a sprawling maze of encrypted nodes around the world, making it a herculean feat to find out who's who.
Power Pwn: This DARPA-funded power strip will hack your network
(Found from a posting on Slashdot )
7.20.2012
Interesting take on password strategy
7.11.2012
Your Uncle Wants Tech Support? Give Him This USB Stick Users boot their computer to the flash drive, and it launches a customized version of Linux, which connects with a Jumpshot internet service and proceeds to open a browser interface while it scans the computer’s hard drive for viruses crapware and signs of misconfiguration..." This means nasty viruses and rootkits will have a hard time hiding from Jumpshot."
7.08.2012
Analysis of a very social malware "Despite Facebook being not a new attack vector, this malware sample is very interesting...Additionally, this malware is protected against both debugging and network traffic analysis."
7.05.2012
So You Want to Be a Security Expert
7.03.2012
VMware's First Cloud Certification from Jibri
7.02.2012
Announcing Mac Support in Volatility (more)
6.29.2012
RATs of Unusual Sizes - from Will
6.19.2012
Linux grabs its single biggest win (after Air Force drones get infected by "virus")> from Brian
6.17.2012
The Six Dumbest Ideas in Computer Security from Will
Enhanced Mitigation Experience Toolkit (EMET) - EMET 3.0 from Will
6.15.2012
FBI, DEA warn IPv6 could shield criminals from police
U.S. and Canadian law enforcement agencies are warning that a historic switch to the next-generation Internet protocol called IPv6 may imperil investigations by making it more difficult to trace who's using which electronic address.
6.07.2012
LinkedIn Password Database Compromised - Gah Wha???? No Salt??? That's amazing!(ly stupid)
6.06.2012
It appears 6.5 million LinkedIn passwords were hacked.
6.05.2012
Woes me information (cyber) security is hard
6.03.2012
iOS Security Guide from Tarik
EHR Event of the Month: "Betrayed by Your Allies" - When Antivirus Software IS the Problem.
5.30.2012
Web 2.0 Suicide Machine from Tarik
5.29.2012
Researchers Find Backdoor in Milspec Silicon... or not.
5.26.2012
POC for Signing Packages with Yahoo's Leaked Certificate
Yahoo! Leaks Private Key in Axis Extension for Chrome
5.25.2012
Serco reveals hackers compromised their Thrift Savings Plan system in July 2011. The FBI informed Serco of this breach in April 2012.
5.24.2012
Anonymous Hacks Justice Dept. Database from Aaron
4th Amendment / Constitution Gutted by Senate Panel from Aaron
5.23.2012
Totally unrelated to NetSec but today's Google Doodle (a playable Moogle in honor of Bob Moog's birthday) is awesome.
5.22.2012
I know nothing of this product but the commercial is funny. Using one word to describe security
Anatomy of a security hole - the break that broke sudo from Kathy
5.02.2012
Blue Coat Systems 2012 Web Security Report: Exposing Malnet Strategies and Best Practices for Threat Protection
5.01.2012
How quantum cryptography works (but it isn't unbreakable).
4.25.2012
VMware Confirms ESX Server Hypervisor Source Code Leak
VMware on Tuesday announced that a single file from its ESX server hypervisor source code has been posted online, and it held out the possibility that more proprietary files could be leaked in the future.
4.24.2012
All aboard the PWNie Express
4.16.2012
Phrack 68, better late than never.
4.11.2012
VCAP5-DCA Beta
4.05.2012
Hackers hitting Macs with Flashback Trojan malware
"All the stuff the bad guys have learned for doing attacks in the PC world is now starting to transition to the Mac world," McAfee Labs director of threat intelligence Dave Marcus told AFP.
Quantum computer built inside a diamond.
A team that includes scientists from USC has built a quantum computer in a diamond, the first of its kind to include protection against "decoherence" -- noise that prevents the computer from functioning properly.
3.20.2012
RVA Hackathon from Ron
Problems with Pending Cybersecurity Legislation
3.15.2012
FBI, stumped by pimp's Android pattern lock, serves warrant on Google
3.10.2012
Hot-spot honeypot-CNET
3.03.2012
Anonymous Members Hacked During Their Own DDoS Attacks "Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets," Symantec wrote, "but may also be at risk of having their online banking and email credentials stolen."
3.02.2012
UofM Prof & Grad Students hack DC Schools e-Voting systems, electing Bender Bending Rodriguez President...And makes them more secure in the process.
Former Director NSA and CIA says Stuxnet Virus a good idea, concerned that code is now revealed
3.01.2012
Feds Decrypt Defendant’s Laptop Without Her Permisshttp://www.blogger.com/img/blank.gifion"According to Fricosu's attorney, authorities "must have used or found successful one of the passwords the co-defendant provided them". He added that a copy of the information discovered on the drive was delivered to him on Tuesday."
2.29.2012
IBM makes a step towards Quantim Computing.
More information and a video!
2.28.2012
Appeals Court Upholds Constitutional Right Against Forced Decryption
2.23.2012
Stealing for science"UT researcher Trajce Dimkov asked the students to steal the machines as part of a scientific experiment. Stealing these laptops turned out to be a pretty simple matter.
2.17.2012
Google caught in privacy breach...again
"The slip-up was uncovered by a researcher at Stanford University, who discovered that the company had secretly overridden a block in Apple’s Safari browser that was meant to bar illicit tracking by advertisers."
2.14.2012
Ron was wrong, Whit is right: Are secure RSA keys only for the 99.8%?
Feds: Ex-NSA analyst had top-secret-plus info on home computers from Red
2.09.2012
Symantec Source Code Extortion E-Mails
Satellite Telephony is Unsafe
2.08.2012
Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy
Trustwave admits issuing man-in-the-middle digital certificate, Mozilla debates punishment
2.04.2012
Anonymous gain access to FBI and Scotland Yard hacking call from Charles
2.03.2012
Anonymous listens in on Teleconference with Scotland Yard and other Law Enforcement Agencies talking about their group and discussing evidence gathered thus far.
Anonymous joins FBI/Scotland Yard phone call
2.02.2012
VeriSign Hit by Hackers in 2010 "The filing doesn’t say when in 2010 the breaches occurred, but administrators didn’t alert top management until September 2011,"
2.01.2012
I was allowed the honor of being added as an Contributing Member , I hope to provide more actual information concerning Network Security and not disappoint anyone.Labels: Newly added Contributing member
1.31.2012
National Geographic - Welcome to the NSA
1.30.2012
Hacker's Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets This is why I love hacker conferences.
1.29.2012
Russia Must Be Ready for Space, Cyber Wars from Mr. Grundy
1.28.2012
Hawaii and its unprecedented proposal to keep long term internet history.
Is it worth it; not a bit.
Spying for the cheap.
1.27.2012
Symantec advises customers to stop using pcAnywhere until they apply new patches.
1.26.2012
Why the Supreme Court GPS Decision in US V Jones Won't Stop Warrantless Digital Surveillance
FBI releases plans to monitor social networks from Mr. Grundy
1.25.2012
Decrypting laptop doesn't count as self-incrimination, US federal judge rules - This will eventually make it's way to the SCOTUS. It will be interesting to see the outcome.
1.24.2012
New Attacks on AES!
Biclique Cryptanalysis of the Full AES - "As our attacks are of high computational
complexity, they do not threaten the practical use of AES in any way."
1.23.2012
Anonymous Deletes CBS, Universal Sites; is Xbox Live Next?
NTT Develops 15Gbps Milliwave Transceiver Module from Sean
1.22.2012
Quantum physics enables perfectly secure cloud computing
1.20.2012
Anonymous attacks government, music industry sites in largest attack ever - from Sean
Anonymous Goes on Megaupload Revenge Spree: DoJ, RIAA, MPAA, and Universal Music All Offline from Red
1.19.2012
Infiltrate Wrap Up
Dates Announced for INFILTRATE 2013:
Web Hacking 1/7/13 - 1/9/13
(Check-in party the night of the 9th, at the rooftop bar)
Conference 1/10/13 - 1/11/13
Unethical Hacking Class 1/14/13 - 1/17/13
Masters Class 1/14/13 - 1/18/13
1.16.2012
Zappos = 24M Users Owned from Red
1.14.2012
Yet another Zombie Alert! - from Francis - Watch your brains!
1.12.2012
The next Digital Forensic Research Workshop (DFRWS) will held from August 6 to 8, 2012 in Washington, D.C. at the Embassy Suites Downtown hotel. The Call for Papers, workshops, and panels is now open; submissions are due February 20, 2012.
1.09.2012
Can you be forced by law to decrypt your computer? US v. Fricosu court case rages on
New Paper - Acquisition and Analysis of Volatile Memory from Android Devices
1.07.2012
SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 - Impact = Critical
1.06.2012
Symantec use's its Facebook to confirm that source code for certain enterprise products have been leaked. Security Week Article & Facebook
1.02.2012
Antisec Hits Private Intel Firm; Millions of Docs Allegedly Lifted from Red
