Irregular Expressions


October 21, 2011  9:39 PM

US Cyber Attack



Posted by: Dan O'Connor
airgap network, us libya cyber attack

I found it.

http://news.cnet.com/8301-27080_3-20121681-245/u.s-rejected-cyberattack-on-libya-report-says/

This is also something that will happen soon, and I am not sure if it will be the US on the sending or receiving end. Critical systems should be on air gap networks, completely cut off: no USB keys, laptops, no no no. Updating may be necessary, but that risk needs to be tightly managed.

October 21, 2011  9:35 PM

The precursor to the next Stuxnet



Posted by: Dan O'Connor
duqu, Stuxnet

Great white paper from Symantec.

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

It’s definitely only a matter of time before we see Stuxnet 2.0; I would bet in the next 12 to 18 months something will come up again. I wish I had the source article, but I read that the US was looking at launching a wire attack on Libya before the plans came in to disable air defense.


October 21, 2011  9:28 PM

Metasploit community editions



Posted by: Dan O'Connor
metasploit, metasploit community edition

I just noticed that there is a community edition of Metasploit.

I have been using the open source version forever; I have not even stopped to look at the commercial edition. Here is the posting from Moore.

https://community.rapid7.com/community/metasploit/blog/2011/10/18/introducing-metasploit-community-edition

You can get a free key and enjoy a less technical interface.


October 21, 2011  9:19 PM

Some interesting points on TLS



Posted by: Dan O'Connor
ca attacks, ssl attacks, tls attacks

The creator of SSL makes a couple of good points.

http://www.bbc.co.uk/news/technology-15348821

I think it is inevitable that a cert signer is attacked again, if one is not currently compromised right now. If a person or nation state wanted to attack an SSL service, having access to a CA is the way to go. A good idea might be to cut down the number of entities that can create these.


October 19, 2011  9:49 PM

The economics of celebrity images



Posted by: Dan O'Connor
celebrity cell phone hacking, cell phone hacking

For reasons I don’t understand, it appears that some people take and keep photos of themselves that they would not want other people to see. Conveniently, almost everyone has a cell phone with a camera and a web mail account.

Let’s do a hypothetical: you have access to a few sets of images. Now what do you do with them? You could sell them, but to who? You could try the mainstream famous people papers, or you can try some groups that would be more interested in the traffic generated by the images than the content.

So you would get a good payment from the malware guys, and they get more people infected with their software to steal $$$.


October 19, 2011  7:44 PM

I can’t say anything more than I LoL’d



Posted by: Dan O'Connor
web crawler, webbot

Have you heard of this?

http://en.wikipedia.org/wiki/Web_Bot

I heard it mentioned on a TV show and I needed to check this out.  The person that described it sounded like a character off a prime time action TV show “Hacker”.  Lots of big words but not really in the right order or even the correct context. I have this same problem with a lot of TV shows and movies.

I don’t know how a crawler could predict anything based off the information collected from the internet. If that was the case, I guess you could do the same with any other search engine.


September 29, 2011  8:36 PM

Canadian data breach notification



Posted by: Dan O'Connor

It’s about time something was in place like this.

A few of the points are pretty good, I found some of the points of when and where it will be notified.

http://www.cbc.ca/news/technology/story/2011/09/29/technology-data-breach-pipeda-privacy.html

Like it’s always done, it’s based on the U.S. Patriot Act, taking the good and leaving the rest.


September 27, 2011  9:29 PM

COBIT



Posted by: Dan O'Connor
cobit

My next cert I will be tackling is COBIT.

COBIT is an IT governance framework; it can help with procedures, aligning IT activities and controls to business risk.

The best part is you can get it all for free!

http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx

The exam is not though.


September 27, 2011  9:23 PM

MySQL malware



Posted by: Dan O'Connor
mysql malware, mysql.com

If you had not heard, MySQL.com was serving up malware today. A nice person has also gone through the trouble of doing all of the research for us.

http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html

There are a few IPs in there that you will want to check your logs for.


September 25, 2011  9:04 PM

Why I don’t like paying for games



Posted by: Dan O'Connor
poker fraud

I can’t say I am surprised by this: you give a company money and it flies right back out the door into someone’s pocket.

http://www.dailytech.com/Top+Poker+Site+Poker+Celebrities+Caught+in+444M+USD+Ponzi+Scheme/article22798.htm