The last few months have been a very rough haul here in New Hampshire. It is no joke that the state motto here is Live Free or Die. I’ve lived in crappy housemate situation for three months and stopped regular IT consulting six weeks ago. My car has not been my best friend (nice time to act up!)

I’ve been through the gamut of timekeeper woes too. If you work in a hospital/Psychiatric setting — never piss off the timekeeper(s) if you want extra hours added to your schedule…

People have asked if I have a job in Oregon. No I don’t. I imagine that I will be doing warranty work when I first arrive, which means I will need to travel N. Cal and up toward Salem, OR.

If you don’t hear from me – well, I’m either on the road or not doing so well. Hopefully not the latter!  I’ll be leaving early Wednesday morning. Cheers.

//Bev

Google added new functionality to its real-time search engine, and moved it from an obscure feature buried in the options on the left pane of the standard Google search, to its own Web site. The new Google Realtime can be a powerful tool for businesses that know how to use it.

Customer Relevance

Companies can use information gleaned from Google Realtime to “read the minds” of consumers. Conducting searches related to current or planned products or services can help identify what customers want and what concerns they might have.

Proactive Support

Most customer contact centers maintain a database of known issues and resolutions for more efficient customer support, but that information is typically gleaned as the calls come in. Google Realtime enables businesses to monitor customer issues and complaints–in real-time–to track any pervasive issues and begin to develop solutions before the phone starts ringing off the hook.

By Tony Bradley, PC World

Read the complete article here: Putting Google Realtime to Real-World Use – PCWorld Business Center.

After a brief lull, new and improved rootkits are back. The latest iteration of one well-known kit — TDL3 — now enables hackers to compromise 64-bit Windows more easily, according to one security researcher.

According to security research firm Prevx, it’s an important escalation in the continuing spy-versus-spy cold war between researchers and hackers.

While many security administrators may not be familiar with TDL3, TDL and it’s other variants, they may remember it by a different name — the Alureon rootkit — that made the rounds earlier this year.

The problems began when some users who had just downloaded and installed a new Microsoft (NASDAQ: MSFT) security patch complained that it caused their PCs to crash

By Stuart J. Johnston, eSecurityPlanet

Read the entire article here:  New 64-Bit Windows Rootkit Already ‘In The Wild’ – www.esecurityplanet.com.

Excellent presentation by Nicolle Neulist (@rogueclown) titled:  Hey, Don’t Call That Guy A Noob: Toward a More Welcoming Hacker Community, presented at Notacon 7

The hacker community is not for everybody…it takes a certain inquisitive spirit.  It takes a certain personality to thrive in this type of community. You’ve got to be curious

–Nicolle Neulist

Nicolle is one of the founding members of Pumping Station: One (hackerspace in Chicago). She is also a licensed attorney in the state of Illinois. She graduated from Washington University School of Law in St. Louis, Missouri in the spring of 2008, and passed the Illinois bar summer, 2008.

View her presentation in WMV format or download the torrent from notawiki

You can also find her on the @Teksquisite twitter list: Women-in-tech-infosec

Computerworld - About 40 different Windows applications contain a critical flaw that can be used by attackers to hijack PCs and infect them with malware, a security researcher said Wednesday.

The bug was patched by Apple in its iTunes software for Windows four months ago, but remains in more than three dozen other Windows programs, said HD Moore, the chief security officer of Rapid7 and creator of the open-source Metasploit penetration testing toolkit. Moore did not reveal the names of the vulnerable applications or their makers, however.

Each affected program will have to be patched separately.

Moore first hinted at the widespread bug in a message on Twitter on Wednesday. “The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,” he tweeted, then linked to an advisory published by Acros, a Slovenian security firm.

That advisory detailed a vulnerability in iTunes for Windows that hackers could exploit by persuading users to download and open a malformed media file, or by duping them into visiting a malicious Web site, where they would fall to a drive-by attack.

Read the article here

Any guesses on the affected applications?

My take is that there are plenty of web browsers included in this research assessment. Other apps could possibly be Microsoft Office,  Adobe products, and Oracle.

Source: By Gregg Keizer, Computerworld

A new series of mass SQL injection attacks has planted links to malware sites and hidden iframes in over a million webpages, including parts of Apple’s website. The technique is similar to a standard SQL injection attack, but uses obfuscation to disguise the data in hopes of routing around any rudimentary input checking.

The attack was detailed earlier this week by security researcher Manuel Humberto Santander Peláez. The attacks rely on a series of SQL commands stored as hexadecimal data preceded by a CAST command. When decoded, it attempts to inject iframes into data tables, which then end up being rendered in webpages that use the tables to build its HTML code dynamically. The attacks lead to Russian top-level domains that appear to be sources of malware.

Read the article here

Source: By Chris Foresman, ars technica

Could there be a secret DIGG Microsoft Fan Boy group meeting going on right now?  Perhaps meeting in secret Microsoft DIGG Fan Boy virtual chambers? Could DIGG MICROSOFT Fan Boys be strategically targeting, quashing and burying potentially popular Linux articles on DIGG?

YouTube censorship via use of vote-botting, false flagging, and  filing of False DMCA claims has been effectively utilized to shut down groups on YouTube. The same style of methodologies can be used on a powerhouse site such as DIGG via collective burying.

Hairyfeet, speaking about both DIGG and Slashdot

‘Linux Stories Are Getting Down-Voted‘

Digg is “simply a symptom of a larger disease,” Slashdot blogger hairyfeet opined.

“It is sad that so many have been hoodwinked by the dem vs. repub lies, when in reality it is as fake as pro wrestling,” he asserted. “BOTH sides are pro corporation over the people, BOTH sides are for bigger government and BOTH sides are happy to grab more power for themselves and less for the people.”

“Has everyone who [was] once interested in Linux suddenly vanished? Have people stopped writing about Linux?” Vaughan-Nichols asked. “I don’t think so.”

His theory: “Linux stories are getting down-voted on a regular basis on Digg these days,” he suggested. “Who’s doing this? In whose best interest is it to make it appear that there’s little interest in Linux? Might it be a company named Microsoft?”

Read the rest of this article at LinuxInsider

Are Linux articles really being targeted and buried on DIGG?

Donate $1.00 USD here:

I have run into a bit of a debacle here on the east coast with the Oregon move scheduled for the end of August. Having already terminated most IT Consulting gigs for the transition to Oregon, I have been relying upon psychiatric hospital earnings to fund a major move across country from NH to Oregon. My regular schedule at the Psy for 4.4 years has been 24-32 hours per week.

Up until I gave my ‘letter of resignation” I was receiving 24-32 extra hours per week. This all stopped after I handed in my letter five weeks ago.

It appears that my workplace is not willing to offer anything over two extra shifts per week I’ve pissed off the timekeeper(s). Instead, they have offered up to 40 hours of overtime, premium, and 1.5 shifts to full-time employees who have gladly agreed to work up to an extra 40 hours per week!

It was recently suggested to me by a co-worker (Thanks Brian) that perhaps I should request travel donations online. If all friends, acquaintances, and followers could donate $1.00 via PayPal, this would seriously benefit preparation/moving expenses and also allow a fresh new beginning for Teksquisite in Oregon.

Thanks for reading this and
Thanks for stopping by!

/Bev

Online whistleblower WikiLeaks has vowed to continue publishing more secret files from governments around the world despite US demands to cancel plans to release classified military documents.

“I can assure you that we will keep publishing documents – that’s what we do,” a WikiLeaks spokesman, who said he goes by the name Daniel Schmitt in order to protect his identity, said.

Mr Schmitt said he could not comment on any specific documents but asserted that the publication of classified documents about the Afghanistan war directly contributed to the public’s understanding of the conflict.

Source:

Wikileaks: We won’t stop publishing – World News, Breaking News – Independent.ie.

For Kevin Mitnick, staying legal is job No. 1 | InSecurity Complex – CNET News.

Kevin Mitnick was eager to participate in a social-engineering contest at the Defcon hacker conference in Las Vegas last weekend and was told he would target Microsoft in the event.

He figured it would be fun to show off his schmoozing skills, which he so easily used to trick employees at tech companies in the 1990s into handing over passwords and other sensitive information, ultimately landing him in jail.

But when he called his attorney to run it past him, the response was “Are you crazy?!”

Source: CNETnews, by Elinor Mills

For Kevin mitnick, there will always be a fine line to walk within the realm of social engineering – even if it is for educational purposes.  He is a good guy who managed to turn his life around and is highly respected in the infosec community.

Update: Thu Aug 5 22:39:04 UTC 2010: Twitter is currently recovering, Tweets are are flowing again. We expect a full recovery in the next hour.

via Twitter Status.     

Twitter has been down for the past hour due to high error rates.

Visit the official Twitter status page here

You can also check out the Twitter Facebook fan page

Though the broken robot graphic is cute, the world hates it when Twitter goes down…

Where do you go when Twitter goes down?

To Whom It May Concern:

Hello, my name is Kris French Jr., better known through the online moniker of BlueShellSec.  I am an Information Security blogger and the administrator of the website http://BlueShellSec.com.   However, more importantly, I am an active and deeply concerned member of the Information Security Community at large.  It has come to our attention that your organization has accepted Gregory Evans of Ligatt Security International as a speaker at the Sixth International Conference on Information Assurance and Security 2010.  The purpose of this letter is to ask that you reconsider allowing this man to speak.  It is my personal belief, as well as that of many others in the community, that this man is, at best, a poor example of what an Information Security professional should be.

This man has shown low moral character time and time again.  His exploits are well documented throughout the web.  The best compilation of these exists on the Attrition.org website.   As you can see on the site, his offenses are numerous and serious.  I realize this site would take an impractical amount of time for you to sift through, so I will summarize the most egregious of these below.

Gregory Evans, as you’re probably aware, claims to have written several books; the most notable of which is How to be the World’s No. 1 Hacker: Short and Simple.  Since the book’s release, Evans has been accused of plagiarism by several notable members of the Information Security community.  Following these claims, the book was analyzed by Ben Rothke of the RSA Conference using the iThenticate software (http://bit.ly/9HZE31, http://bit.ly/dvagcI)  As you can see for yourself in the links I’ve provided, the software produced results beyond what anyone was expecting.  The book is shown to be almost completely plagiarized.  Evans defends this by saying that he used several ghost writers in the process of creating this book and that all original authors were informed they would not receive credit for their works, only a fixed payment.  This, however, has been shown to be false as several of the authors were contacted and deny any such payment or communication of any kind.  TheBaskins.com has also done an analysis of the book, completely independent of the RSA Conference and Ben Rothke’s influence.  Their report can be found here: http://bit.ly/d15eir.

An important quality in any Security professional would certainly be that of honesty.  Despite this, Evans has been caught in his lies an incredible amount of times during the previous few months.  Here I will list the three which I believe to be most important to our community.  One of the basic certifications of the Information Security world is that of Certified Ethical Hacker.  Although Evans has claimed many times over that he is a holder of this most basic of certifications, this has been shown to be a falsehood. (Source: http://bit.ly/cR9672)  He has also been found lying about holding several other honors and certifications including: CISSP (http://bit.ly/9aqJFm), CISA/CISM (http://bit.ly/dpXylr), Teaching Credentials (http://bit.ly/b1hqTd), Licensed Private Investigator (http://bit.ly/9Xqw9g), and CFE (http://bit.ly/9N7BCP).  Evans claimed at one point that Keith Flannigan of USGMI had accepted a position on Ligatt’s board of directors.  Mr. Flannigan denies this claim outright.  (Source: http://bit.ly/deGVIB)  Finally, Mr. Evans has claimed to not only have befriended, but in fact, mentored one of the world’s most famous and influential hackers, Mr. Kevin Mitnick.  Mr. Mitnick does not deny meeting Evans, but he claims that is where the relationship between the two comes to a close.  “He certainly didn’t take me under his wing, whatever that means. I didn’t really discuss my case with him because you don’t discuss your case with other people in jail because they’ll become informants.” Says Mitnick.  (Source: http://bit.ly/bS633G)

I now bring you the final and most disturbing of the events thus far in the Ligatt saga.  On June 16, 2010 noted Security blogger, Chris John Riley of the Eurotrash Podcast was threatened by Gregory Evans himself.  Mr. Evans, of course, denies the allegation, even with all evidence pointing to the contrary.  I will spare you the gory details and allow you to read the evidence and decide for yourself (http://bit.ly/cgJw3k).   Needless to say, this is at best, unprofessional, and at worst, a lawsuit waiting to happen.

Given the evidence presented, I implore you, on behalf of the Information Security community, do not allow this man to speak.  Do not allow him to garner further media attention of which he is clearly unworthy.  Do not allow this man to be shown as a representative of the Information Security world at your conference, or indeed, any other.  This man does not personify hacker culture; he is not one of us, he is not worthy of that title.  Mr. Evans is a charlatan and nothing more.  Do not give him the honor of gracing your stage.  There are many more worthy speakers, especially in the Atlanta area.

I thank you for your time and consideration and urge you to research this issue further on Attrition.org and elsewhere and to decide for yourself: is this a man that you really want presenting at a conference such as yours?  I hope you will agree with my assessment and that of the hacker community of which I am a part.  I bid you good day and the best of luck with your conference and all future events.

-Kris French Jr.
BlueShellSec.com

Thanks to Kris French Jr. of  Blue Shell Security  - please alert all infosec/security/tech event organizers

Hacker breaks into ATMs at Blackhat, dispenses cash remotely

Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand.

At the Black Hat security conference here, Barnaby Jack, Director of Research at IOActive Labs, demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

After his talk, Jack suggested that TM makers offer upgrade options on physical locks or a unique key for each ATM. He also recommended the use of executable signing at kernel level to block his attack vector.

To mitigate remote attacks, Jack said ATM manufacturers should disable the on-by-default remote monitoring feature on the machines.

Read this article at ZDNet

——————————

Botnet hacker caught in Slovenia

The botnet, one of the world’s largest, was dismantled earlier this year after infecting 12.7 million computers.
It was designed to steal personal financial details and was also found in the PCs of banks and major companies. Officials from around the world have been chasing the cyber criminals.

Read this article at BBC News

——————————

Baidu sues Register

CHINESE SEARCH OUTFIT Baidu has decided to sue Register.com for breach of contract, gross negligence and recklessness related to an attack by hackers.

Baidu said that a Register.com service representative allowed an intruder, who falsely claimed to be an agent of Baidu, access to Baidu’s account even though the intruder could not provide the right security codes.

Read this article at The Inquirer

——————————

Colorado warns of major corporate ID theft scam

Big retailers hit, including Home Depot, Lowe’s, Office Depot

Colorado’s Secretary of State and other officials are warning the state’s 800,000 or so registered businesses to watch out for scammers who have been forging business identities to make fraudulent purchases from several big-box retailers in recent months.

So far, at least 35 businesses in the state have had their corporate identities misused to open fraudulent credit accounts at retailers such as Home Depot, Lowe’s, Office Depot, Apple and Dell. According to the Colorado Bureau of Investigation (CBI), the scammers so far have made at least $750,000 in fraudulent purchases from Home Depot alone after opening up lines of credit there using forged corporate identities.

Read this article at Computerworld

——————————

Google issues fix for hacked YouTube

Hackers took advantage of a cross-site scripting vulnerability that enabled them to insert code onto the popular video site’s viewer-comments pages, IDG News Service said in a report. The hackers apparently had it in for Justin Bieber, focusing on clips related to the teen pop star, who’s set to appear Sunday night on an NBC television celebration of the Fourth of July and who’s reportedly one of the most popular attractions on YouTube.

According to IDG, a Google representative said the attackers’ exploits would not have allowed them to access the Google accounts of YouTube visitors who encountered a hacked page. The representative said, though, that visitors should log out of their Google accounts and then log back in, just to be safe.

Read this article at Cnet News

——————————

Hackers Break Into University of Maine Servers

In the latest incident of an educational institution falling victim to a security breach, officials at the University of Maine this week are notifying thousands of students after hackers managed to infiltrate a pair of university servers.

“This is an insidious affront to the rightful privacy expectations of our students,” Robert Dana, the University of Maine’s dean of students, said in a statement.

“The criminals who make it their business to exploit our society’s need and ability to store information are beneath contempt and we are engaging all possible resources to find the source of these attacks,” he added.

The compromised servers stored data on some 4,585 students who received counseling services at the school’s on-campus counseling center between August 2002 and June 2010. Breached data included student names, social security numbers and clinical information related to every student who received counseling services during that time.

Read this article at eSecurity Planet

——————————

What was your favorite security news article for the month of July, 2010?

Security vendor Eset believes that Virus writers will soon become far more active via exploiting vulnerabilities within Windows shortcut .link files.

From The Tech Herald:

During an interview this afternoon, Jamz Yaneza,  Threat Research Manager for TrendMicro,  confirmed that they are seeing new exploits in the wild since the proof  of concept code started to circulate, targeting a much wider base of  users due to the Windows shell vulnerability. “I generally think that  the fix for this is going to be a requirement,” he said.

The exploitation of the vulnerability itself  can come from rogue shortcuts on a USB drive, the most common attack  vector seen by TrendLabs, but there are other vectors, including the  potential for malicious links to be embedded in various file formats,  such as documents, or placed in network share.

In addition, there is an option to push drive-by-downloads if a  malicious link is embedded on a Website. To be fair, while drive-by-downloads are possible, they haven’t been used.

[Article Link]

Facebook friend suggestions can occasionally spit out social algorithms of friends or family who have passed on. The People You May Know box is also capable of producing the same results.

In a blog post Facebook writes:

“The question soon came up: What do we do about his Facebook profile? We had never really thought about this before in such a personal way. Obviously, we wanted to be able to model people’s relationships on Facebook, but how do you deal with an interaction with someone who is no longer able to log on? When someone leaves us, they don’t leave our memories or our social network. To reflect that reality, we created the idea of “memorialized” profiles as a place where people can save and share their memories of those who’ve passed.”

If you have a deceased  friend or family member who did not include advance directives for their Facebook account, the form to memorialize or remove their profile is located here.

If you choose to memorialize the profile you must provide a link to the obituary as Proof of death so that a staff member can review and authenticate the request.

There is a site on the web that deals with social networking directives:

Legacy Locker is a safe, secure repository for your digital property that lets you grant access to online acounts for friends and loved ones in the event of death or disability. It’s like a digital safety deposit box.

Until next time – stay safe online!

Cyber-criminals have created a new version of the Zeus crimeware toolkit.

Zeus 3 is far more selective in the banks that it targets. Two different flavors are available:

1. Target banks located in Spain and Germany
2. Target financial institutions located in the UK and US

The updated features are making it very difficult for security researchers to figure out because the malware is now operating on a need to know basis.

“It employs layers of protection by applying the principle of least privilege. It means that the bot must only access remote command, information and resources that are necessary to a specific function and purpose.” –John Leyden, The Register

Source: Zeus baddies unleash nasty new bank Trojan • The Register

SANS study: One in five mobile devices running malware | Malware – InfoWorld.

Ask a painful question, get a painful answer: That was the lesson the SANS Institute’s Internet Storm Center (ISC) learned recently when it surveyed its membership on the subject of malicious programs that target mobile devices like iPhones and BlackBerrys. –infoworld.com

Check out even more coverage at http://driphter.com and follow @willyboy6 and @driphter3g on twitter for the most up to date Blackberry and Hybrid OS news!

Your Money/Your Health: A guide to healthcare apps for your smart phone – latimes.com.

“Is there an app for that?” When it comes to consumer healthcare applications for smart phones, the answer, increasingly, is yes.

There are now close to 6,000 consumer health apps, according to a review published in March by mobihealthnews, which reports on the mobile health industry, and more are being added every day. Many are free, or cost $1 to $10 to download.