Tuesday, 25 November 2008
Monday, 24 November 2008
Tuesday, 18 November 2008
Is there some room at Guantanamo Bay still ?
Friday, 14 November 2008
Friday, 24 October 2008
There are already worms out there exploiting this particular vulnerability:
Thursday, 23 October 2008
Wednesday, 22 October 2008
Monday, 20 October 2008
Wednesday, 24 September 2008
Now off to practice my slight of hand and magic fingers so I can connect it to phones without people seeing! :)
This made me laugh, apparently abusing a service provider via your password is not appropriate: http://news.bbc.co.uk/1/hi/england/hereford/worcs/7585098.stm
However, what is more disconcerting is the apparent ability in some cases, for business users only, Employees of Lloyds can read your complete password. This seems somewhat ridiculous as businesses surely would have more money flowing through their accounts than an individual, so would become a richer target! IT MAKES NO SENSE (as Tim Westwood would say).
dDP.S. Thanks to Schneier
Monday, 8 September 2008
Monday, 1 September 2008
Tuesday, 26 August 2008
It sounds like they are doing the "right" thing by revoking old package signing keys and generating new ones.
Monday, 30 June 2008
Saturday, 14 June 2008
Wednesday, 11 June 2008
Lessons have been learnt, clearly...
Wednesday, 14 May 2008
Friday, 25 April 2008
Thursday, 24 April 2008
The executive summary and the full report can be found here:
Over 2000 American execs fell victim to a targeted email asking them to appear before a jury regarding a subpoena:
Tuesday, 22 April 2008
Anyways just trawling the Internet highways and byways and came across this little Gem,
The use of the map from xkcd, gets my vote! Plus they have afew security hardening guidelines and other interesting docs.
Well worth a look.
Tuesday, 8 April 2008
Only 20% of AV products can detect it, and it appears to be very polymorphic and uses obfuscation. The delivery / infection mechanism is a "picture" file with a .exe extension which is not shown.
With the constant increase in malware code out there, how long before current AV mechanisms break?
Monday, 7 April 2008
Thursday, 3 April 2008
"The crimes carry sentences of up to seven years but there are indications he may serve a community-based sentence."
Who says crime does not pay?!
Monday, 31 March 2008
dD loves Laura...
Thursday, 20 March 2008
To quote the web site:
"SIW is an advanced System Information for Windows tool that gathers detailed information about your system properties and settings and displays it in an extremely comprehensible manner. SIW can create a report file (CSV, HTML, TXT or XML), and is able to run in batch mode (for Asset Inventory Tracking, Computer (Software and Hardware) Inventory, PC Audit, Software Audit, Software License Compliance Management)."
There is an installer and also a stand alone executable.
There is also functionality similar to SnadBoy (the password revealer) to reveal any password areas. Just click on the Eureka! button. You can change the machine's MAC address, scan the network 'hood, ....
This one is going straight into dD's toolkit. It beats the pants of msinfo in gathering data from a Windows box!
Tuesday, 18 March 2008
Respect to IC for this one again.
Monday, 17 March 2008
SMash keeps the code and data from each mashup source separated, and shares the data using a secured communication channel.
Friday, 14 March 2008
Wednesday, 12 March 2008
It is mostly contributed to by member of the Secure Windows Initiative team.
Monday, 10 March 2008
There is a demo available.
Friday, 7 March 2008
What has security got to do with reliability? Read on:
Wednesday, 5 March 2008
Adam Boileau's site is below:
dD says: respect to IC for bringing this one to his attention.
Tuesday, 4 March 2008
There are not too many details above, but it appears the trojan is packed with games and even Google Maps. More info at:
Monday, 3 March 2008
There is a high-res mp4 video of the event.
Thursday, 28 February 2008
Wednesday, 27 February 2008
That's a lot of accounts to send me stock tips or enlargement pill ads. The more interesting thing would be if the bots could do something cool with all that storage! Say that this process is yeilding 1 account per minute, thats 1440 accounts a day and around 525600 accounts a year. With 6Gb of storage space per account that is 3.2 PB of distributed storage.
check out these tools to mount a single account
If they are clever enough to crack the captcha, they should be clever enough to create something that would mount all of these counts together as some sort of distributed file store with redundancy and resiliency.
Friday, 22 February 2008
Take me >>
As dD is impoverished and busy attendendance was not an option. However, the good old blackhat folks will be making the whole things available in there archive in a couple of weeks. Groovey!
They even have a video of the talk and a paper. This is another example of side attacks on cryptosystems which the great might big boss Bruce has been mentioning for some time now.
Thursday, 21 February 2008
Monday, 18 February 2008
Let the drive by raids commence!
Go Team US of A!
"Cisco Security Agent contains a vulnerability when it processes a specially crafted Server Message Block (SMB) packet. This vulnerability can be exploited remotely without authentication and without end-user interaction. Successful exploitation of this vulnerability may allow arbitrary code execution, cause the affected device to crash, or result in a denial of service (DoS) condition. The attack vector for exploitation is through SMB packets using TCP port 139 and TCP port 445."
Friday, 15 February 2008
We Must All Do Our Part To Preserve This Climate Of Fear, by M. Willard Thornton http://www.theonion.com/content/opinion/we_must_all_do_our_part_to?utm_source=onion_rss_daily
Thursday, 14 February 2008
You can create virtual encrypted disks, encrypt whole partitions AND even the Windows boot/systems drive. So who needs BitLocker??
Also covered at The Register:
Another case of the evil iFrame striking, but this time from a "security" company...
The pack is available at:
News coverage is here:
Don't get too excited: the estimated payout is likely to be between £50-£300, which is way below any losses that may be suffered if the data is in the wrong hands. The interesting question though is whether or not the government actually breached the DPA.
Wether it is electronic or not, it is just "evidence" after all. It is interesting to note the use of GPS data: yes we can prove you were there...
Monday, 11 February 2008
According to the site listin the vulnerability this will allow you to potentially view every file in the Mozilla directory. Solution a) use another browser b)install a plug in!
Most vulnerabilities are delivered by third party plugins on fixed by them!
Friday, 25 January 2008
Friday, 18 January 2008
Is it that incidents like these are being reported more openly or that they are occuring more often?
"West Midlands police are investigating the theft of a laptop from a Royal Navy officer which held personal details of 600,000 people, it has been confirmed."
However, it is really not much to worry about; there were only a few NI numbers, passport and a few bank details for good measure.
All of that on a laptop kept in a car overnight??
Monday, 14 January 2008
1. Windows users still have not turned on automatic update or notification,
2. The users who are "generous" enough to submit their personal machine to a scan from a website (not doubting secunia's reputation in any way, but I would not do it...) are probably not going to be patched and "security" aware anyway?!
Tuesday, 8 January 2008
The Double D says Jeremy you're a prat!
Basically, hack the MBR on any NT based machine hide you code in a few sectors of disk (really hard to delete something that is not a file), execute code before passing control to ntldr, patch the kernel and then you are done pretty much. And all this from the fun park that is userland. I think!
This is straight out of the DOS days. MBR virus' and attacks. Have OS developers learned nothing since the 80's. Get a grip MS people and sort this out!
Cool site tho. Will have to take a look at GMER and let all you wonderfull people know what the double D thinks. I like the way the site actually goes into assembly, it appeals to my inner (and outer) geek.