Trying to improve my mood, I started messing around with Gimpshop while watching Jon Stewart’s Daily Show this evening. I’ve created the first of several wallpapers for Liquidmatrix. It’s pretty basic but, I’m liking it so I thought I would share. This one is set for 1024×768 systems. This was based on the fact that the vast majority of the readership has that res. I’ll be making some more over the weekend.
Enjoy.
Tags: Desktop Wallpaper, Liquidmatrix, Wallpaper
Data leakage that could cost lives. Today I noticed that the Miami Herald had a piece about a design firm in Kansas City that had posted detailed plans for the forthcoming US Embassy in…Baghdad.
Detailed plans for the new U.S. Embassy under construction in Baghdad appeared online Thursday in a breach of the tight security surrounding the sensitive project.
Computer-generated projections of the soon-to-be completed, heavily fortified compound were posted on the Web site of the Kansas City, Mo.-based architectural firm that was contracted to design the massive facility in the Iraqi capital.
The images were removed by Berger Devine Yaeger Inc. shortly after the company was contacted by the State Department.
This is a sad demonstration of how the best laid plans can go so badly…so quickly. The devil is in the details. What can seem like an insignificant detail or a mundane task can come back to haunt you. Let this be a lesson to everyone that you have to be on top of the details. Trust me, I know what I’m talking about.
And the spin…
Berger Devine Yaeger’s parent company, the giant contractor Louis Berger Group, said the plans had been very preliminary and would not be of help to potential U.S. enemies.
“The actual information that was up there was purely conjectural and conceptual in nature,” said company spokesman Jeffrey Willis. “Google Earth could give you a better snapshot of what the site looks like on the ground.”
After the damage is done, there is no sense in the spin. Take your medicine.
Tags: Data Leakage, Baghdad Embassy Plans, US Embassy in Iraq
From LA Times:
A cyber-thief was able to take $450,000 from the city of Carson’s general fund as part of an elaborate scheme that officials said raises questions about the security of municipal coffers.
Authorities said the hacker was somehow able to mimic the computer strokes made by Carson’s top financial officer. Each time Treasurer Karen Avilla logged into her laptop computer in the morning, someone was looking–virtually–over her shoulder, watching every keystroke. Every entry of a password. Everything.
Armed with a spyware program, the thieves tracked Avilla’s moves on her laptop and obtained bank passwords. They wired $90,000 to a “Diego Smith” in North Carolina. One day later, on May 24, the thieves got bolder as they wired $358,000 from the city’s bank account to a bank in Kalamazoo, Mich.
Tags: Hacker, Keylogger, Carson City, Data Theft
Wow, I knew things were bad over at DELL. But, I didn’t think that they were this bad.
From BBC:
At least 7,000 (ed. - or 8000 according to CNN) jobs are set to be lost at computer firm Dell after it said it would cut its global workforce by 10%.
The PC maker has struggled with falling sales and rising costs, prompting founder Michael Dell to take direct charge of the firm earlier this year.
Guess I’m not the only one having a bad day after all.
Article Link (thx Dan)
Oddly they managed to beat the Wall Street forecasts.
From CNN:
Dell, the No. 2 PC maker, reported sales and profits Thursday that handily beat Wall Street forecasts, and announced it would cut its staff by 10 percent over the next 12 months.
Tags: DELL Job Cuts, DELL Layoffs, 7000 Jobs Cut
Sorry for the late start this morning. Didn’t get in from the studio until after 1am. Today is a slow mover already.
And now, the news…
Tags: News, Daily Links, Security Blog, Botnets, Malware, IBM LEAN, Yahoo, Russia VS Estonia, Security Analogies, Spam King
I wrote about this one last summer and today I noticed that version 4.5 of the Technitium MAC address changer has just been released. Fun and games with MAC filtered networks.
How To Change MAC Address
1. Starting MAC address changer will list all available network adapters.
2. Select the adapter you want to change the MAC address. You will get the details of your selection below.
3. Click Change MAC button, enter new MAC address and click Change Now button and confirm changes you made when prompted.
4. To restore the original MAC address of the network adapter, select the adapter, click Change MAC button and then click Original MAC button and confirm changes you made when prompted.
NOTE: This tool cannot change MAC address of Microsoft Network Bridge. Network Bridge will automatically use the original MAC address of the first NIC added into bridge with the first octet of MAC address set to 0×02.
Recent legislation passed in Germany (mentioned a couple days ago) has made hacking tools illegal. Um, OK. This sounds like such a bad idea on so many levels. Think of the countless sysadmins that use “hacking” tools to make sure that their systems are secure. I must admit this seems absurd. This will not preclude attackers from using them of course which would put the “defenders” on very unstable footing. Now, I’m curious if this would encompass tools like EnCase and Forensic Toolkit?
From The Register:
Taken as read, the law might even even make use of data recovery software to bypass file access permissions and gain access to deleted data potentially illegal.
“Forbidding this software is about as helpful as forbidding the sale and production of hammers because sometimes they also cause damage,” Chaos Computer Club spokesman Andy Müller-Maguhn told Ars Technica. “Safety research can [now] take place only in an unacceptable legal gray area.”
While making life more difficult for security consultants and sys admins, the new laws will, paradoxically, make it easier for police to use hacking tactics in gathering intelligence on suspects.
If Axel E. or Alex G. are reading I’d love to get a comment from you guys on this bizarre legislation.
The good folks over at Secunia have posted an advisory for F-Secure products today. There is a vulnerability in the way their AV products handles LHA files which could possibly lead to remote code execution. If you are running the software be sure to upgrade as soon feasible.
From Secunia:
Description:
A vulnerability has been reported in various F-Secure products, which can be exploited by malicious people to compromise a vulnerable system.The vulnerability is caused due to a boundary error in the processing of LHA archives and can be exploited to cause a buffer overflow when decompressing a specially crafted archive.
The vulnerability is related to #1 in:
SA21996Successful exploitation may allow execution of arbitrary code.
Solution:
Apply hotfixes.
Tags: F-Secure, LHA Handling, Vulnerability, Antivirus
Welcome to this mornings visitors from Australia, South Africa, Switzerland, Sweden, USA, Romania, UK and Canada. Thanks for reading! Be sure to check out the first link in the news roll. It’s a piece by Chris Soghoian. The same guy who was involved in the boarding pass generator website.
And now, the news…
Tags: News, Daily Links, Security Blog, Firefox Extensions Exploit, Surveillance, Spam, RFID, Privacy, Symantec Client Delayed, QuickTime Exploit
From Lifehacker.com:
Luckily, you can remove IE7 from your Windows XP PC using Control Panel’s “Add/Remove Programs.” Nice to know it’s not more permanently glommed onto Windows’ innards.
Not being an IE7 user, this one hadn’t occurred to me.
Tags: IE7 Uninstall, Get Firefox
Add to Google
Add to my Yahoo
Add to MSN
Add to Bloglines
Add to Newsgator
Explore
Security Bloggers Network (a FeedBurner Network)
