Archive for November, 2005

Nov 30 2005

Changes to the RSS feeds

Published by under Site Configuration

I just made some changes to the RSS feeds to enable the full post in RSS rather than just the excerpt. I validated the feeds, but please let me know right away if you experience any issues at netsecpodcast@mckeay.net

One response so far

Nov 30 2005

Diebold made their choice

Published by under Security Advisories

It’s official: Diebold election bugware can’t be trusted | The Register

It looks like Diebold decided it’s better for them to pull out of North Carolina altogether than risk letting the security of their voting machines be examined. I have to agree with this Register article, in saying that there’s no legitimate reason to pull out of the competition if they didn’t have anything to hide. I hope a lot of other states take up the call for voting machine disclosure.

No responses yet

Nov 30 2005

Phishing Test

Published by under Phishing, scams, etc.

MailFrontier Phishing IQ Test

Take a moment to look at this site and go through their Phishing IQ test. I only scored 8 out of 10, but the two I missed, I missed because I thought they were Fraudulent, when they were legitimate. Then come back and post your score in the comments.

6 responses so far

Nov 29 2005

Network Security Podcast, Episode 3

Published by under Podcast

Oy, I can’t believe what I just did. I spent over an hour preparing for the podcast, recorded it, and then as I’m editing the audio, I decided to close the Firefox tabs. As I close the last one I realized I hadn’t created the show notes yet. D’ohh. So, if I’ve missed a link, please let me know and I’ll add it as soon as I can. Tonights show is just over 45 minutes, including the music at the end! At this rate, I’ll have to go to a twice weekly show. Download the file and listen to me rant about Diebold voting machines, talk about the EPIC Top 10 and Chilling Effects, as well as give my own views on PCI.

As a side note, I think some of the audio effects I’m picking up are the built in sound card on my system. I thought it was pretty good, but I’ll just have to buy a better sound card and find out (next year, that is).

Network Security Podcast, November 29, 2005 – Episode 3

Tonight’s podsafe music by: RedshellThe Answer

DoS Exploit for MS05-053 released

Microsoft Internet Explorer “window()” Arbitrary Code Execution Vulnerability


EFF challenges Diebold exemption in North Carolina


N.C. judge declines protection for Diebold


California invites Black Box Voting to hack Diebold voting machines


Fasten your seatbelts – It’s time to bring this thing in for a landing


Hoofnagle’s Consumer Privacy Top 10


Consumer Protection


Excommunicated?


Chilling Effects


Efficient Process or Chilling Effects?


FBI Warns the Public


PCI Data Security Standards

As always, thanks for listening, and you can send feedback to netsecpodcast@mckeay.net.

No responses yet

Nov 29 2005

Firefox 1.5 is out!

Published by under General

Time to stress test the Mozilla Foundation file servers! I gotta quit blogging so I can go download it myself.

Spread Firefox!

No responses yet

Nov 29 2005

Upgraded IE vulnerability

Published by under Security Advisories

Secunia – Advisories – Microsoft Internet Explorer "window()" Arbitrary Code Execution Vulnerability

 This vulnerability has been upgraded to ‘Extremely Critical’ in large part because there is no patch to combat it yet.  The only saving grace is that it requires luring a user to surf to a malicious website. 

 One more reason for you to switch to Firefox if you’re not using it already.

 

3 responses so far

Nov 29 2005

DoS Expoit for MS05-053

Published by under Security Advisories

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System

They don’t make it clear at the Internet Storm Center if this is just a Proof of Concept or an in-the-wild threat, but an exploit that could cause resource exhaustion (ie. 100% CPU usage) is out there. I’m sure a remote code exploit can’t be far behind. Secure your systems, patch as soon as you can. The vulnerability discovery to vulnerability exploit window is shrinking every day. Soon it’s going to be a matter of hours.

No responses yet

Nov 29 2005

eCheck Compromised

Published by under Hacking

Netcraft: Hacked Server Exposes Brokerage Customers’ Data

ONce again, one of the payment processors that most people have never heard of was compromised and put a business’s customers at risk. In this case, a payment vendor, eCheck Secure was running Windows 2000 and IIS 5.0 (why 5.0?), and the server was compromised, exposing customers of online brokerage firm Scottrade.

I know that merchants are being required to meet with the Payment Card Industry (PCI) Data Security Standards, but what sort of standard are these payment processors being held to? How is it that eCheck was running such an old version of IIS on a Win2K system? If anyone out there knows what standards the payment processors are being held to, please let me know.

One response so far

Nov 28 2005

Sober getting out of control

Published by under Malware

Have you seen some of the new variations of the Sober worm out there recently? We’ve so many at work that I’ve had to explain to at least a dozen people about Sober, and that’s after sending out several emails. Our AV is keeping up, but a lot of people are getting excited about the notifications they receive when the virus is intercepted. I can’t entirely blame them, wouldn’t you be a bit worried if you got an email from the FBI telling you about logs linking you to illegal sites?

I can only hope they manage to locate some of the jokers responsible for the latest of this obnoxious virus.

No responses yet

Nov 28 2005

Sony artists are feeling the pain

Published by under Hacking

I’ve been trying to ignore the Sony situation for the last week or so. I’ve had just about enough of the silliness, listening to Sony try to play off the situation, and the RIAA mouth pieces saying Sony did the right thing. But now it turns out it’s not just the fans and people purchasing CD’s that are getting angry about the Sony rootkit; artists are seeing a drop in their CD sales due to the bad press.

I know if I was an artist, I’d be royally PO’d. And if I was a lawyer, I’d be looking at a big opportunity. Once again, Sony has punished the people who put the money in their coffers, with a technology that will barely slow down a dedicated pirate. Good job guys.

2 responses so far

Next »