I just noticed that there is a community edition of Metasploit.
I have been using the open-source edition forever; I have not even stopped to look at the commercial edition. Here is the posting from Moore.
You can get a free key and enjoy a less technical interface.
The creator of SSL makes a couple of good points.
I think it is inevitable that a cert signer is attacked again, if one is not currently compromised right now. If a person or nation state wanted to attack an SSL service, having access to a CA is the way to go. A good idea might be to cut down the number of entities that can create these.
For reasons I don’t understand, it appears that some people take and keep photos of themselves that they would not want other people to see. Conveniently, almost everyone has a cell phone with a camera and a web mail account.
Let’s do a hypothetical: you have access to a few sets of images. Now what do you do with them? You could sell them, but to whom? You could try the mainstream famous people papers, or you can try some groups that would be more interested in the traffic generated by the images than in the content.
So you would get a good payment from the malware guys, and they get more people infected with their software to steal $$$.
Have you heard of this?
I heard it mentioned on a TV show and I needed to check this out. The person that described it sounded like a character off a prime time action TV show “Hacker”. Lots of big words but not really in the right order or even the correct context. I have this same problem with a lot of TV shows and movies.
I don’t know how a crawler could predict anything based off the information collected from the internet. If that was the case, I guess you could do the same with any other search engine.
It’s about time something was in place like this.
A few of the points are pretty good, I found some of the points of when and where it will be notified.
Like it’s always done, it’s based on the U.S. Patriot Act, taking the good and leaving the rest.
My next cert I will be tackling is COBIT.
COBIT is an IT governance framework; it can help with procedures and with aligning IT activities and controls to business risk.
The best part is you can get it all for free!
The exam is not though.
If you had not heard, MySQL.com was serving up malware today. A nice person has also gone through the trouble of doing all of the research for us.
There are a few IPs in there that you will want to check your logs for.
I can’t say I am surprised by this; you give a company money and it flies right back out the door into someone’s pocket.
I have been reading reports of a proxy service being used by one of the latest LulzSec members to be arrested. It appears that the proxy service cooperated during the investigation.
There is a posting on the service’s blog.
There is a good quote.
“Our VPN service and VPN services in general are not designed to be used to commit illegal activity. It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences. This includes certain hardcore privacy services which claim you will never be identified, these types of services that do not cooperate are more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers.”
I am on the fence about this; I can see both sides very clearly. It’s one thing to use a service to be anonymous, it is another to use that to break the law. I have to side with the actions of the company in this case; someone had done something illegal, so they should cooperate. On the privacy side I would hope there was a judicial review and access was just not given. I am not sure if you could have avoided this, maybe by not keeping logs? There are always logs somewhere.
Found a little interesting note regarding the messages and posts you make on Facebook.
You cannot delete a post; the delete button will only hide the message. The contents of the message are stored and can be accessed by law enforcement without judicial review.