Researchers Break DECT
DECT or rather, Digital Enhanced Cordless Telecommunications, has apparently been broken by researchers. From The Register: Cryptographers have broken the proprietary encryption used to prevent eavesdropping on more than 800 million cordless phones worldwide, demonstrating once again the risks of relying on obscure technologies to remain secure. The attack is the first to crack the cipher at the heart of the DECT, or Digital Enhanced Cordless Telecommunications, standard, which encrypts radio signals as they travel between cordless phones in homes and businesses and corresponding base stations. Ah, the simple pleasures of smashing a 20 year old proprietary encryption algorithm to bits. The researchers are ...
Security Briefing: February 8th
Monday. As days go, you suck. That being said, have a great day folks! cheers, Dave UPDATE: Changed the date to Feb 8th...like I said, Monday...well, you know. Click here to subscribe to Liquidmatrix Security Digest!. And now, the news... Hotels were hackers' No. 1 target last year; credit card information stolen most often | USA Today Blackberry spyware source code released | Network World Indian IT Giant Tata Consultancy Services Hacked | Washington Post ShmooCon: Inside FarmVille's sinister underbelly | Computer World Chinese hackers broke into NSA, service chiefs' comps | DNA India Oracle Releases Security Alert for WebLogic Server Vulnerability | US CERT New Attack on Threefish | Schneier on Security 48 ...
Liquidmatrix Immortalized In LEGO
I have to admit, when I talked about this the other day I was rather excited to say the least. So much so that I don't want to unbox it yet. Thankfully @myrcurial and @securityintern got one as well and sent me the photos of the completed piece. Thanks again! Here is the Liquidmatrix "Mad Max"-esque LEGO vehicle (minus the bat-shit insane actor). So cool! I feel like a giddy child.
Thotcon Approaches
As Shmoocon begins to wind down (and dig out) I'm reminded that there is a raft of conferences coming up this year. A new entrant to the dance card is Thotcon in Chicago on April 23, 2010. From Thotcon: THOTCON (taken from THree - One - Two) is a new small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a very limited budget. This event will be limited to 8 main talks and a limited number of attendees. Due to a scheduling problem I won't be able to attend. ...
Pics From Shmoocon Snowmageddon
Here are a few pics that I culled from the stream on twitter of todays snow in DC. By the overwhelming number of cancelled flights I am glad that I didn't make the trip. First up from Chris Gerling the scene from the hotel this morning. Here is an image posted by hevnsnt from the ground outside the hotel this morning. And courtesy of Spagerogue we find the Shmoobus buried in the snow. Hoping everyone finds their way home safely.
American Express Website Password Nonsense
You know, I have always been bothered by the Amercian Express website password limitations but, I admittedly never ran this one to ground. Well, someone ran with it. The password has always been limited to an 8 character maximum and no special characters. I never imagined something quite this daft. From Twice Refried News: Thank you for your email regarding your online password. I would like to inform you that our website has a 128 bit encryption. With this base, passwords that comprise only of letters and alphabets create an algorithm that is difficult to crack. We discourage the use of special characters ...
The Digest
Researchers Break DECT
DECT or rather, Digital Enhanced Cordless Telecommunications, has apparently been broken by researchers. From The Register: Cryptographers have broken the proprietary encryption used to prevent eavesdropping on more than 800 million cordless phones worldwide, demonstrating once again the risks of relying on obscure technologies to remain secure. The attack is the first to crack the cipher at the heart... [Read more]
Security Briefing: February 8th
Monday. As days go, you suck. That being said, have a great day folks! cheers, Dave UPDATE: Changed the date to Feb 8th…like I said, Monday…well, you know. Click here to subscribe to Liquidmatrix Security Digest!. And now, the news… Hotels were hackers’ No. 1 target last year; credit card information stolen most often | USA Today Blackberry spyware source code released | Network... [Read more]
Liquidmatrix Immortalized In LEGO
I have to admit, when I talked about this the other day I was rather excited to say the least. So much so that I don’t want to unbox it yet. Thankfully @myrcurial and @securityintern got one as well and sent me the photos of the completed piece. Thanks again! Here is the Liquidmatrix “Mad Max”-esque LEGO vehicle (minus the bat-shit insane actor). So cool! I feel like a giddy child. Read More →
Thotcon Approaches
As Shmoocon begins to wind down (and dig out) I’m reminded that there is a raft of conferences coming up this year. A new entrant to the dance card is Thotcon in Chicago on April 23, 2010. From Thotcon: THOTCON (taken from THree – One – Two) is a new small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference... [Read more]
Pics From Shmoocon Snowmageddon
Here are a few pics that I culled from the stream on twitter of todays snow in DC. By the overwhelming number of cancelled flights I am glad that I didn’t make the trip. First up from Chris Gerling the scene from the hotel this morning. Here is an image posted by hevnsnt from the ground outside the hotel this morning. And courtesy of Spagerogue we find the Shmoobus buried in the snow. Hoping... [Read more]
American Express Website Password Nonsense
You know, I have always been bothered by the Amercian Express website password limitations but, I admittedly never ran this one to ground. Well, someone ran with it. The password has always been limited to an 8 character maximum and no special characters. I never imagined something quite this daft. From Twice Refried News: Thank you for your email regarding your online password. I would like to inform... [Read more]
PC Load Letter?!? Time For A New Job?
Hi Folks, Here is this weeks round up of jobs that we had sent in to us (tips SHIFT2 liquidmatrix DOT org). As with any of these jobs be sure to do your homework. We guarantee…nothing. That being said, good hunting! (Note: These links will spawn new browser windows) Company Job Location Gotham Digital Science Various Positions NY/London Vestas Information Security Officer Denmark SAIC Network... [Read more]
Where’d The Apple PR Contacts Go?
Normally I don’t pay much attention to corporate PR types beyond reading their pitches. But, Bob McMillan mentioned on Twitter this evening that the contact sheet for press at Apple had been removed from their US site. Rather strange considering partial pages are still available on their other sites such as Apple Canada. Retreating inwards? Here is an archive of the page (Image used under... [Read more]
PFO Form Letter
How to win friends. I’ve decided that every time I get something like this I will post it from now on. Dear Dave Thank you for your interest in “Lowering Costs of IT Security and Compliance,” produced by Network World and CSO Magazine and hosted by Oracle. Unfortunately, upon further review of the information that you submitted, we determined that at this time, we are not able to... [Read more]
Security Briefing: February 5th
Shmoocon has arrived and I…have not. Due to a wide array of reasons I will not be attending this year. The impending snowpocalypse being the last straw. Hopefully it will not be as bad as forecasted. As a note to all attending Shmoocon the HacDC event for this evening has been cancelled. That being said, much love and have a great day everyone! Stay warm in DC! cheers, Dave Click here to subscribe... [Read more]
