Archive for April, 2006

Hells Angel fails to take wing

A man was detained at the Vancouver airport when he tried to board a plane with a loaded handgun. He won’t be winning any genius awards. He was caught when the screeners who were awake noticed the weapon in his carry-on.

Also found in the bag were Hells Angels T-shirts and Hells Angels colours identifying the wearer as the sergeant-of-arms of the White Rock chapter of the motorcycle club. The luggage also contained Hells Angels documents such as information about officers’ meetings.

Apparently riding a Harley all day, or more likely all the weed he’d been smokin’, had managed to dull his…er…intellect. One less dumbass in the skies tonight.

Article Link

MI6 Seeks Security Geeks

The agency that inspired the legendary James Bond 007 is looking for security geeks. The thrust of what they’re looking for is people with special abilities to access computers in other countries. There was a job ad posted in the Times newspaper in the UK.

“It’s about keeping up with what the other sides are doing and making it better so they can’t break into our (systems),” a spokesman for MI6, otherwise known as the Secret Intelligence Service, told Silicon.com. “This is the first in a series of ads that will appear.” MI6 said security professionals and people with “interception qualifications” are highly sought-after.

Interesting, I wonder if they’re interested in non-UK residents?

Article Link

Five common Web application vulnerabilities

Time and again the problems that face security types are avoidable. Namely, coding by 1001 monkeys. I have seen a lot of code in my time and the overwhelming impression that I have gained in that time is that coders are fundamentally lazy. Formatting errors, buffers not terminated, et cetera. Now the folks over at Securityfocus have a nice piece that addresses the top five most common errors in web application development. The attacks as explained are:

1. Remote code execution
2. SQL injection
3. Format string vulnerabilities
4. Cross Site Scripting (XSS)
5. Username enumeration

Worth a read.

Article Link

Yahoo ‘unaware’ of Jailed China Cyber-dissident

Internet search giant Yahoo claimed it had no knowledge that it may have contributed to the imprisonment of activist Wang Xiaoning. Yahoo released this statement:

“We condemn punishment of any activity internationally recognized as free expression, whether that punishment takes place in China or anywhere else in the world.”

The rights group Human Rights in China said that Wang was sentenced to prison in September 2003 as a result of information alleged to have been passed from Yahoo to the Chinese.

The rights group said the allegations against Wang stemmed from electronic journals he published from 2000 to 2002 and distributed by email through Yahoo email groups that he established anonymously in mainland China and Hong Kong.

It’s unclear whether or not Yahoo provided the Chinese gov with Wang’s identity or the information that led to his arrest.

Article Link

U.S. State Office Ships CDs with SSNs

Millions of registered voters in Ohio had their personal information distributed to roughly 20 political campaigns. Ouch. This came to light when one of the campaigns called to say that they had not requested the information that they had received. Noble. Immediately after having been alerted to the colossal screw-up, the campaigns were all contacted in an effort to round up the CDs. All of the information was set to be returned without incident. One of the biggest security problems that seems to be growing at a silly rate is data mismanagement.

The Social Security numbers were included, Lee said, when the CDs were created. “When we did one of our data merges, some data included some Social Security numbers” accidentally, he said. “It’s just a data issue that can be fixed now by leaving out that column.”

Once the affected CDs are returned sometime in the next two weeks, updated discs will be issued. Asked if any printouts from the CDs will also be returned or destroyed, Lee said he doesn’t believe any printouts were made. “We consider the issue resolved,” he said.

Oops…c’mon folks. Data security has to be taken more seriously. Especially by those in government. Time to wake up and not smell the coffee…but, bloody well drink it!

Article Link

Government Moves to Intervene in AT&T Surveillance Case

Well, you can’t say that you didn’t see this one coming. The Department of Justice will be invoking the Military and State Secrets privilege in the EFF vs. AT&T lawsuit. They are also asking for a dismissal of the lawsuit, which involves the use of Narus technology to eavesdrop on Americans.

The United States government filed a “Statement of Interest” Friday in the Electronic Frontier Foundation’s (EFF’s) class-action lawsuit against AT&T, announcing that the government would “assert the military and state secrets privilege” and “intervene to seek dismissal” of the case.

Lift a rock and watch the roaches run.

Statement of Interest Link (pdf)
Article Link
More on the EFF suit
C|Net News

China Hunting For Proxies?

There is a very interesting write-up on SANS about an anomaly in some web logs. A lot of people are seeing what appears to be a scan for web proxies that appears to originate from an IP address registered to China Network Communications Group Corporation. When attempting to connect to 9966.org there was no HTTP server listening at post time.

So here is an example URL that might show up in your logs:

http://check.216.109.136.53.v.80.pw1.super.proxy.scanner.i.thu.cn/Provy_OK.html

Running the host command on the above hostname provides:

check.216.109.136.53.v.80.pw1.super.proxy.scanner.i.thu.cn has address 61.135.170.153

Hrm. 216.109.136.53 is an IP in Hoboken, NJ. That’s about 6800 miles away from the host in China (61.135.170.153).

Now is it possible that the Chinese government is sweeping for open proxies? Or is this some industrious soul searching for a way out? When the URL for the block owner was entered into my browser I was redirected to what appears to be an ISP page. My Chinese is rusty non-existent. So, I can’t be certain.

Article Link

UPDATE: This activity appears to be related to a scanning tool called “proxy_scanner” which was released in Chinese hacker circles in 2004. The site www.io8.org was used to distribute this tool and traffic related to that site was sent in to us as well.

Source Link
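
To check your own logs for the requests described above, here is an added example (not from the original post or the SANS write-up) that flags proxy-style requests and decodes the IP embedded in the probe hostname. The sample log lines, the `OUR_HOSTS` set and the reading of the number after `.v.` as a port are assumptions.

```python
import re
from ipaddress import ip_address

# Constructed sample access-log lines (combined log format); not from the original post.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Apr/2006:10:01:02 +0000] "GET http://check.216.109.136.53.v.80.pw1.super.proxy.scanner.i.thu.cn/Provy_OK.html HTTP/1.1" 404 209
198.51.100.4 - - [28/Apr/2006:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [28/Apr/2006:10:01:09 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 405 0
198.51.100.9 - - [28/Apr/2006:10:02:00 +0000] "GET http://www.example.org/ HTTP/1.1" 200 5120
"""

OUR_HOSTS = {"www.example.org"}  # assumption: names this server legitimately answers for

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Hostname layout seen in the post: check.<a>.<b>.<c>.<d>.v.<n>.<rest>
PROBE_HOST = re.compile(r'^check\.((?:\d{1,3}\.){3}\d{1,3})\.v\.(\d{1,5})\.', re.I)

def classify(line):
    """Return a finding dict for a proxy-style request, or None for normal traffic."""
    m = LINE.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    if method.upper() == "CONNECT":
        host = target.rsplit(":", 1)[0]
    elif target.lower().startswith(("http://", "https://")):
        host = target.split("://", 1)[1].split("/", 1)[0].split(":", 1)[0]
    else:
        return None  # origin-form request ("/path"): ordinary web traffic
    host = host.lower()
    if host in OUR_HOSTS:
        return None  # absolute-URI naming our own host is legal HTTP/1.1
    finding = {"client": client, "method": method, "host": host,
               "status": int(status), "embedded_ip": None, "embedded_port": None}
    p = PROBE_HOST.match(host)
    if p:
        try:
            finding["embedded_ip"] = str(ip_address(p.group(1)))
            finding["embedded_port"] = int(p.group(2))  # assumed to be a port
        except ValueError:
            pass  # octets out of range: keep the finding, drop the decode
    return finding

def scan(log_text):
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

If the decoded IP matches your server's own address and the logged status is 2xx, check whether the server is actually relaying requests for foreign hosts.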

Protection Against Oracle Reports Arbitrary File Writing

For you Checkpoint users out there: there is now a SmartDefense update to manage this problem. This is one of their better features available in the FW1 stable. I refer to this often as the “buying time” feature. :D

Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server.

Article Link

Tru64 Server Hardening Guide

Hey folks, I was wondering if anyone out there could point me to a Tru64 hardening guide? I know this isn’t a widely used operating system, but any help would be great.

Personal Data of NY Transit Employees Lost

One of the problems that we all face these days is the safety of our data, namely personal data. The third-party vendor, Iron Mountain, has reportedly lost the personal information for roughly 17,000 employees of the Long Island Railroad. The NYPD said that the loss also included information pertaining to the US Department of Veterans Affairs.

New York police on Thursday said the loss also involved data tapes belonging to the U.S. Department of Veterans Affairs. It was reported by the driver while his van was parked outside a VA hospital in the Bronx.

Now, Iron Mountain then said,

Iron Mountain said its investigators believe the loss was the result of an accident, rather than theft.

Huh? A little CYA damage control?

Iron Mountain said in a statement that it was “extremely unlikely” anyone who found the railroad’s tapes could access the information, because it would require “highly specialized expertise, specific software and sophisticated technology equipment.”

Now this section of the article on MSNBC just makes me giggle. Have they never heard of the monster that is eBay? Now, as you may or may not be aware, Iron Mountain has suffered from data being lost in transit before. In 2005 they disclosed that they had managed to lose backup tapes from Bank of America Corp., Citigroup Inc. and Time Warner Inc.

Article Link
