Irregular Expressions


October 21, 2011  9:28 PM

Metasploit community editions



Posted by: Dan O'Connor
metasploit, metasploit community edition

I just noticed that there is a community edition of metasploit.

I have been using the opensource for ever, I have not even stopped to look at the commercial edition.  Here is the posting from Moore.

https://community.rapid7.com/community/metasploit/blog/2011/10/18/introducing-metasploit-community-edition

You can get a free key and enjoy a less technical interface.

October 21, 2011  9:19 PM

Some interesting points on TLS



Posted by: Dan O'Connor
ca attacks, ssl attacks, tls attacks

The create of SSL makes a couple good points.

http://www.bbc.co.uk/news/technology-15348821

I think inevitable that a cert signer is attacked again if one is not currently compromised right now.  If a person or nation state wanted to attack an SSL service having access to a CA is the way to go.  A good idea might be to cut down the number of entities that can create these.


October 19, 2011  9:49 PM

The economics of celebrity images



Posted by: Dan O'Connor
celebrity cell phone hacking, cell phone hacking

For reasons I don’t understand it appears that some people take and keep photos of them selves that they would not want other people to see.  Conveniently almost everyone has a cell phone with a camera and a web mail account.

Lets do a hypothetical, you have access to a few sets of images.  Now what do you do with them?  You could sell them, but to who?  You could try the mainstream famous people papers, or you can try some groups that would be more interested in the traffic generated by the images more then the content.

So you would get a good payment from the malware guys, and they get more people infected with their software to steal $$$.


October 19, 2011  7:44 PM

I can’t say anything more then I LoL’d



Posted by: Dan O'Connor
web crawler, webbot

Have you heard of this?

http://en.wikipedia.org/wiki/Web_Bot

I heard it mentioned on a TV show and I needed to check this out.  The person that described it sounded like a character off a prime time action TV show “Hacker”.  Lots of big words but not really in the right order or even the correct context. I have this same problem with a lot of TV shows and movies.

I don’t know how a crawler could predict anything based of the information collected from the internet.  If that was the case I guess you could do the same with any other search engine.


September 29, 2011  8:36 PM

Canadian data breach notification



Posted by: Dan O'Connor

It’s about time something was in place like this.

A few of the points are pretty good, I found some of the points of when and where it will be notified.

http://www.cbc.ca/news/technology/story/2011/09/29/technology-data-breach-pipeda-privacy.html

Like it’s always done it’s based on the U.S patriot act, taking the good and leaving the rest.


September 27, 2011  9:29 PM

COBIT



Posted by: Dan O'Connor
cobit

My next cert I will be tackling is COBIT.

COBIT is a IT governance framework it can help with procedures, aligning IT activities and controls to business risk.

The best part is you can get it all for free!

http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx

The exam is not though.


September 27, 2011  9:23 PM

MySQL malware



Posted by: Dan O'Connor
mysql malware, mysql.com

If you had not heard MySQL.com was serving up malware today.  A nice person has also gone through the trouble of doing all of the research for us.

http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html

There is a few IP’s in there that you will want to check your logs for.


September 25, 2011  9:04 PM

Why I don’t like paying for games



Posted by: Dan O'Connor
poker fraud

I can’t say I am surprised by this, you give a company money and if fly’s right back out the door in to someones pocket.

http://www.dailytech.com/Top+Poker+Site+Poker+Celebrities+Caught+in+444M+USD+Ponzi+Scheme/article22798.htm


September 25, 2011  8:47 PM

Proxy Services



Posted by: Dan O'Connor
anonmyous, hidemyass, lulzec, lulzsec arrest

I have been reading reports of a proxy service being used by one of the latest lulzec members to be arrested.  It appears that the proxy service cooperated during the investigation.

There is a posting on the services blog.

http://www.theatlanticwire.com/technology/2011/09/lulzsec-hacker-exposed-service-he-thought-would-hide-him/42895/

There is a good quote.

Our VPN service and VPN services in general are not designed to be used to commit illegal activity. It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences. This includes certain hardcore privacy services which claim you will never be identified, these types of services that do not cooperate are more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers.

I am on the fence about this, I can see both sides very clearly.  It’s one thing to use a service to be anonymous, there is another to use that to break the law.  I have to side with the actions of the company in this case, someone had done something illegal.  So they should cooperate.  On the privacy side I would hope there was a judicial review and access was just not given.  I am not sure if you could have avoided this, maybe not keeping logs?  There is always logs somewhere.


September 25, 2011  8:25 PM

Facebook legal notes



Posted by: Dan O'Connor
facebook legal issues, facebook legal questions, facebook messages

Found a little intresting note regarding the messages and posts you make on facebook.

http://europe-v-facebook.org/EN/Data_Pool/data_pool.html#Messages

You cannot delete a post, the delete button will only hide the message.  The contents of the message is store and can be accessed by law enforcement with-out judicial review.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: