Inside Dark Networks

Yesterday I attended the above meeting in the Bay Area. I joined two years ago and the group has gone from strength to strength.
We had an excellent presentation covering a study of 517 U.S. Secret Service cases, and their conclusions on current Identity Theft Perpetrators, Victims and Methodologies. It was followed by a Panel led [...]

What a day!
Leaving aside my pain in enriching the government with my checks yesterday, I received a rather interesting email in my inbox today.
It came from McAfee….apparently Matt Asay is saying McAfee has slandered open source by a comment I wrote in my white paper ( http://www.cnet.com/8301-13505_1-9917989-16.html) and (www.mcafee.com/us/local_content/white_papers/wp_botnet.pdf).
First Assumption: I am a McAfee minion [...]

 
If you own a domain name, you will likely have received a slew of emails similar to the one below. They are part of a new phishing scam. Do NOT reply as they will only solicit further information from you, which will be used to rip you off.
Some points to note: [...]

VMWare has recently released its ESX 3.5 server. While the ‘free’ server version has some benefits, the overhead to run it is way too high, so ESX is still the best way to virtualize.
After reviewing the forums, there still exist a number of problems when pursuing the home ESX server option. The main issue being version 3.X has very limited [...]

The ISACA Silicon Valley Chapter’s Winter conference is in full swing. This year it has been split into two separate tracks (Information Security and IT Governance) on consecutive days.
IT governance is really starting to get interesting in 2008. This is for a number of reasons. With the downturn in the economy, there are two things [...]

Botnets are back in the news. Leading experts have recently gone on record stating we are losing the war on botnets. Then yesterday, McAfee released a whitepaper showing startling success in Central America against botnets. This has ignited a debate in both the IPS and botnet sub-cultures of the Information Security World.
Botnets are problematic for [...]

During recent months I created a presentation which described the recent evolution of hackers, primarily covering their motivations. This we presented in the UK, France and Germany. There were follow up presentations in Poland and the Czech Republic. However, rather than create a world tour, I changed the presentation into the format of an article [...]

There are a number of interesting security initiatives right now. Most of them are technical but one which has drawn my attention is educational. 
 
There is a major initiative underway in the Bay Area to create a High School security initiative and have this taught in every California High School, eventualy as a mandatory core unit. [...]

California Assembly Bill 2415 ( by Speaker Fabian Núñez ) passed today and now goes to the Governor. What does it actually do?
http://democrats.assembly.ca.gov/members/a46/press/a462006116.htm
http://www.mercurynews.com/mld/mercurynews/15397371.htm
Hopefully it means more secure wireless networks. In the Bay Area almost 50% of consumer wireless access points have no encryption turned on. Many of these devices have their passwords still set to [...]

Today Google finally opened their free GoogleWifi to all residents of Mountain View California. Tempted though I am to ditch my current provider and migrate to Google, I must question….How am I sure it is Google I am connecting to?
It could be an ‘Evil Twin’ access point masquerading as a legitimate Google Wifi Access point. [...]

So within the last two days, I have received three new spam/phishing atttempts. What is so bizarre about these? They all pretend to have links either with Ireland or at least use an Irish persons name, here’s two of the most interesting:
 
 
 
Return-Path:
Received: from galadriel.portugalmail.pt (galadriel.portugalmail.pt [195.245.179.73])
     by XXXXXXXXXXXXXXXXX with ESMTP id k7AETcrP030275
     for XXXX@.xxx.com Thu, 10 Aug [...]

WPA is slowly replacing WEP in the home. A quick wardrive around my suburban area of Silicon Valley produced some interesting results. On average, using a simple Netgear WG511T card (without external antenna), there were 8 wireless networks within reach. Of these approximately 60% were using WEP for encryption, 30% were unencrypted and 10% were [...]

For many years Foundstone has been teaching the dark side of Google in its Ultimate Hacking courses, and its “Hacking Exposed” series. Google is the number one search tool for hackers. It allows you to carry out full reconnaissance on your target. It is a goldmine of information for those interested in data theft, exploits, [...]

Privacy on the internet is eroding…and eroding quickly.
A few months ago we had the Google search warrant debacle. Now we have the AOL release of very sensitive information on its subscribers.
 
Some of it is quite illuminating.
We have AOL User 2281868: Looking For Gay Black Superman With An Overbite
http://consumerist.com/consumer/aol/aol-user-2281868-looking-for-gay-black-superman-with-an-overbite-193001.php
More scary stuff at http://aohellsearches.ytmnd.com/
User 927 searches range [...]

Today is not a good day for security patches, and it’s not even Microsoft’s patch Tuesday.
One of the top two consumer security vendors has been in the news for not-so-positive reasons, but a patch for the affected products should be out after intensive testing. But those of us using wordpress, it is time to upgrade to version 2.04 as [...]