tag:blogger.com,1999:blog-5374732426354458342024-03-06T03:37:38.490-05:00Zero-Day Computer Security BlogBringing You Tech Security News DailySamhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.comBlogger13125tag:blogger.com,1999:blog-537473242635445834.post-54406209911732581452012-03-05T23:11:00.001-05:002012-03-05T23:11:31.933-05:00The Pwn Plug
The Elite Pwn Plug
The Pwn Plug is a wicked little white device that looks like a big power adapter. It is actually a mini-computer that is preloaded with a hacker's dream toolbox. It quickly allows an attack to plug into your network and walk away. Leaving this device to infect your network and allow him to have remote access. There is even an "elite" version that can connect to a mobile Samhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com0tag:blogger.com,1999:blog-537473242635445834.post-12309638091191165852011-10-19T01:35:00.000-04:002012-12-16T18:17:28.258-05:00State sanctioned German "Quellen-TKÜ" (source wiretapping) trojan does
more than listen in.
Image by MarkusramArs Technica reports about the Chaos Computer Clubs analysis of the state sanctioned German source wiretapping trojan. They report than the malware has the ability to add new components remotely. This could allow German authorities to do any number of things from eavesdropping to completely controlling the infected machine. They also report that due to the poor quality of the Samhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com0tag:blogger.com,1999:blog-537473242635445834.post-79989233116778371652011-02-26T13:10:00.000-05:002011-02-26T13:10:04.891-05:00Anonymous, In it for the LuLz...After all the damage anonymous caused HBGary you'd think they'd be done punishing them, but not just yet. HBGary was scheduled to speak at the RSA convention that took place February 14-18 in San Fransico. They arrived and set up their booth and left for the night to prepare their talks for the next day. They were going to unviel a new product called Razor, it was a computer / software combo thatSamhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com9tag:blogger.com,1999:blog-537473242635445834.post-30697352705228101352011-02-22T19:14:00.000-05:002011-02-22T19:14:48.603-05:00Iranian's Deface American WebsitesVoice of America websites and the websites of their affiliates have been DDoS'd and defaced with an image of the Iranian flag and a gun. These hacks have been claimed by the hacker group calling itself the Iranian Cyber Army. VoA broadcasts radio and tv internationally and these attacks come along side the protests tearing through the middle east.
Source: Ars Technica
It is Samhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com6tag:blogger.com,1999:blog-537473242635445834.post-69420230692923134602011-02-21T19:43:00.001-05:002012-12-15T06:21:41.464-05:00Quick Tip - Whole Disk EncryptionToday I wanted to give a quick tip about adding encryption to your whole harddrive, not just independent files. This is important for portable devices that hold low level sensitive data, like your search history, saved passwords, or just scattered files that are too many to round up and encrypt.
I'm going to focus on TrueCrypt because it is open-source and works on all the popular operating Samhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com10tag:blogger.com,1999:blog-537473242635445834.post-46451181534490462182011-02-20T16:34:00.002-05:002011-02-20T20:02:30.907-05:00Follow-up New Cyber Warfare
Source: http://arstechnica.com
I wrote recently linking to an article on Ars Technica about HBGary selling exploits to the government. It is a long article and I have been slowly working through it to give a summary of what it brings to light. I have a few every interesting things that have been going on.
These aren't really surprising, to me at least, but I find them very enlightening. Samhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com9tag:blogger.com,1999:blog-537473242635445834.post-57083108422631043482011-02-19T18:00:00.002-05:002011-02-19T18:01:00.786-05:00QuickTip - GnuPG On Windows and LinuxGnuPG is the GNU project's implementation of the OpenPGP standard. PGP stands for Pretty Good Privacy, and is a type of public key encryption. This type of encryption has been around for a very long time and relies on a private key and public key pair to work successfully. You encrypt something with your private key and it can only be decrypted using your public key. But it's just that, public soSamhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com6tag:blogger.com,1999:blog-537473242635445834.post-56641027750416076312011-02-18T20:44:00.001-05:002011-02-19T01:14:25.016-05:00A deep look into US Military and CyberWarArstechnica has a (long) story up about HBGary and how they wrote backdoors for the US government.
This is very interesting look into the Black Ops of computer security. We all need to be aware of what is out there and what is going on.
If you have time give this article a read. If you don't know Ars articles are always well researched and written. Warning: It is a 5+ page article.
http://Samhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com4tag:blogger.com,1999:blog-537473242635445834.post-81751988475111764682011-02-17T22:22:00.001-05:002011-02-17T22:43:16.790-05:007 Types of HackersRoger Grimes, Security Advisor at Infoworld.com, has an article about the 7 types of hackers.
Cyber Criminals
Spammers / Adware Spreaders
Advanced Persistent Threat Agents
Corporate spies
Hactivists
Cyber warriors
Rogue hackers
This is an interesting and quick read. I hope this helps explain to people there is more than one type of hacker, not always criminals with evil intent.Samhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com11tag:blogger.com,1999:blog-537473242635445834.post-55611274786207393642011-02-17T20:38:00.000-05:002011-02-17T20:38:44.328-05:00Potential PSN HacksSince the PS3 encryption key has been cracked hackers have been studying the firmware and have found some interesting things out about the way your PS3 interacts with the PlayStation Network. One hacker reports that he has found evidence that your credit card information is sent to the PSN in an unencrypted text file, granted over a SSL connection. This would be secure as long as you aren't Samhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com2tag:blogger.com,1999:blog-537473242635445834.post-30757498302560215152011-02-16T21:26:00.002-05:002011-06-29T02:07:44.118-04:00Quick Tip - PasswordsIn light of all the password leaks recently ( Gawker and HBGary ), I thought maybe I should give some quick tips of good password etiquette:
1. Pick a strong password
That means not a dictionary word
Contains more than just letters, like a number AND a special character
Make it longer than 8 characters
2. Don't reuse the same password on multiple accounts.This is bad because if your Samhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com8tag:blogger.com,1999:blog-537473242635445834.post-20756690404804108042011-02-16T15:54:00.003-05:002011-02-19T01:17:05.400-05:00HBGary vs AnonymousHBGary is a computer security company that does penetration testing, intrusion detection and worm detection, quarantine, and analysis. They present themselves as experts in the computer security field, but recently they were successfully compromised by basic well known techniques.
Aaron Barr was conducting what he called "just research" on information gathering through social media. He would useSamhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com3tag:blogger.com,1999:blog-537473242635445834.post-38339499427837292622011-02-16T00:48:00.006-05:002011-10-19T01:07:58.235-04:00Anonymous Releases Stuxnet Source CodeFox News reports that an unencrypted version of the Stuxnet worm source code has been released online by the group known as Anonymous. This version was being studied by HBGary Federal and was discovered when Anonymous hacked into their network earlier this month.
For those who don't know the Stuxnet worm was the first computer worm to specifically target SCADA (Supervisory Control and Data Samhttp://www.blogger.com/profile/06823512850122619340noreply@blogger.com7