Thursday, 20 December 2007

Access all areas...

Arbitrary code execution by simply opening an Access file:

Would you like some malware with your ad?

24/7 Real Media's ad server network was compromised, and every ad served had a script appended to it:

The smashing of the Shadowcrew

An article on the international cooperation between the US and SOCA to smash one of the largest international identity theft ring:

Monday, 17 December 2007

On a roll! Three million drivers details lost...

The Driving Standards agency is missing a hard drive containing names, addresses and phone numbers of up to three million "L" drivers:
At least there are far fewer records at stake here, and no financial data; however, it is a sign of systemic carelessness?

Nmap is 10 years old!

Fyodor et al celebrate by releasing a new major version 4.50, available at:

There a new GUI called Zenmap and a scripting engine.

Monday, 10 December 2007

Sky wants to share your details with outside companies

It seems that Sky wants to share its customers' details with outside companies. As if this is not bad enough, the onus is placed on the customers to opt out by calling them!

I am glad that I don't have Sky.

It now looks like they have decided to withdraw this notice in Ireland:

The UK site explains things differently:

A nice PR stunt!

Friday, 7 December 2007

A few more records of personal details go walkies...

Rather than millions, we are only dealing with 60,000.- here:

It sounds like they were encrypted this time, phew...

Whether encrypted or not, should anything so mobile carry so much personal data?

Wednesday, 5 December 2007

Only twenty grand?

HM Revenue and Customs is offering a reward for the 2 "misplaced" CDRs, that contain the financial details of up to 25 million UK parents and children.

Is the reward really commensurate with the value that could be realised from such as goldmine?

David Hartnett (acting head of HMRC) faced the Commons Treasury sub-committee and stated that there had been seven incidents of "some significance" involving data security breaches since April 2005. These "may well" indicate systemic failure.

I am feeling safer now...

Monday, 3 December 2007

Heads in the clouds

This was in the Guardian Magazine on Saturday:,,2218788,00.html

There are plenty of quotes from Bruce Schneier; and an interesting comparison of different approaches to airport security: El Al's psychology focused approch versus high-tech Heathrow Terminal five (opening next year):
  • Machines that can give a 3D view of a bag's content and identify liquids and explosives hidden,
  • Fingerprinting,
  • Faces scanned.
Will all this make air travel more secure?

Friday, 30 November 2007

Faces come out of the rain

To Facebook or not to Facebook (or MySpace)! Cory Doctorow is clearly playing his hand with this article.

It is no doubt that security and privacy concerns are rife.

So remember kids don't Facebook! Parents can get an account too you know, and do you want them seeing the photos of you at that crazy party last week over at Ron's house doing shots of tequila when you were meant to be doing an essay on the life cycle of a chinchilla? I didn't think so.

Dry Roasted Bots!

The FBI stoke up their fires, roast 1 million bots and grind 8 botherders! What I find interesting is the fact that these guys' (Anybody know of any female botherders being arrested?) personal details have been posted on the blog below. Not one for the CV chaps!

FBI press release about Operation: Bot Roast

Also whilst researching the blog entry I found the term botmaster, which made me chuckle!

Thursday, 29 November 2007

The Russian Business Network (RBN): legitimate business or cybercrime service provider?

David Bizeul has written a real eye opening report, which is available at:

Firefox security extensions: FireCat 1.3 released

FireCAT is a mind map collection of useful Firefox security oriented extensions. Version 1.3 was released this week:,302.html

Download the browsable HTML version, or use the free mind mapping software Freemind:

Mandiant Tools

Some great free tools:

  • First Response: Gathers information for forensics purposes.

  • Web Historian: Reviews browser history from most common browsers: Microsoft’s Internet Explorer, Mozilla, Firefox, Netscape, Opera and Safari

  • Red Curtain: Examines executable code and gives it a "suspicious" rating.

Fiddling Web requests...

Fiddler allows the inspection of HTTP Traffic, set breakpoints, "fiddle" with incoming or outgoing requests and responses, as well as a scripting environment:

Hackers hijack web search results

News fresh in from BBC's news site, Criminals poisoned search results:

I wonder if this was timed for "Cyber Monday". The Monday after Thanksgiving in the U.S. is meant to be the day which sees the highest amount of goods purchased online:

Wednesday, 28 November 2007

Hacking as a service?!

There is a three part article:

The first one includes a video actually showing the 76service itself.

There are some details on how Don Jackson from SecureWorks gathered information on the Gozi Trojan at:

If you want to read more about iFrame and how they are being used see:

Hi and welcome to Decipher Dump

Hi and welcome to Decipher Dump,
We feel passionate about most things related to computer security. We are always sharing with each other links, news, articles, research papers, etc... We decided to create a blog instead, to house stuff as and when we come accross it. We may also decide to post our own opinionated ramblings.