Comment DayZ (Score 1) 219
Bah! That's nothing come back with a story after someone spends 10 years in the world of DayZ. :)
Submission + - AntiVirus Firms Out of their League with Stuxnet, Flame 2
Hugh Pickens writes writes: "Mikko Hypponen, Chief Research Officer of software security company F-Secure, writes that when his company heard about Flame, they went digging through their archive for related samples of malware and were surprised to find that they already had samples of Flame, dating back to 2010 and 2011, that they were unaware they possessed. "What this means is that all of us had missed detecting this malware for two years, or more. That’s a spectacular failure for our company, and for the antivirus industry in general." Why weren't Flame, Stuxnet, and Duqu detected earlier? The answer isn't encouraging for the future of cyberwar. All three were most likely developed by a Western intelligence agency as part of covert operations that weren’t meant to be discovered and the fact that the malware evaded detection proves how well the attackers did their job. In the case of Stuxnet and DuQu, they used digitally signed components to make their malware appear to be trustworthy applications and instead of trying to protect their code with custom packers and obfuscation engines — which might have drawn suspicion to them — they hid in plain sight. In the case of Flame, the attackers used SQLite, SSH, SSL and LUA libraries that made the code look more like a business database system than a piece of malware. "The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets," writes Hypponen adding that it’s highly likely there are other similar attacks already underway that we haven’t detected yet because simply put, attacks like these work. "Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.""
Comment Hardware Keyloggers (Score 1) 210
Feeling secure firing up a clean desktop?
Might want to check the back of the PC or even better bring your own keyboard.
The solution is better than nothing but I still wouldn't trust Internet cafe's --> http://www.keelog.com/
Might want to check the back of the PC or even better bring your own keyboard.
The solution is better than nothing but I still wouldn't trust Internet cafe's --> http://www.keelog.com/
Comment SSH bots by City (Score 1) 90
This page has a visualized correlation of ssh blacklisted IP's against Cities. It is updated daily. Source is the sshbl.org blacklist.
Current daily winners are Moscow and San Francisco with 17 each.
http://hackertarget.com/ssh-blacklist/
Current daily winners are Moscow and San Francisco with 17 each.
http://hackertarget.com/ssh-blacklist/
Comment OSSEC a better choice (Score 1) 396
http://www.ossec.net/ with central management on locked down machines would be more helpful in detecting anomalous behavior and security issues on the systems. Its also free so no wasted tax payer money on unneeded software.
Comment Xmarks Users (Score 1) 268
LastPass acquired Xmarks (browser plug-in for bookmark syncing) last year no mention of that database of more than 4.5 million users being breached.
- http://blog.xmarks.com/?p=2033
- http://blog.xmarks.com/?p=2033
Comment Nagios + Cacti an excellent combination (Score 1) 45
Cacti is great for graphing performance, capacity planning and spotting anomalies while Nagios is tops for monitoring / alerting.
I have worked with many different monitoring tools and suites both commercial and open source. A well configured Nagios / Cacti solution is hard to beat for stability and usability.
Facebook Master Password Was "Chuck Norris" 319
I Don't Believe in Imaginary Property writes "A Facebook employee has given a tell-all interview with some very interesting things about Facebook's internals. Especially interesting are all the things relating to Facebook privacy. Basically, you don't have any. Nearly everything you've ever done on the site is recorded into a database. While they fire employees for snooping, more than a few have done it. There's an internal system to let them log into anyone's profile, though they have to be able to defend their reason for doing so. And they used to have a master password that could log into any Facebook profile: 'Chuck Norris.' Bruce Schneier might be jealous of that one."
Comment Re:I'm (still) seeing penetration attempts (Score 1) 89
Have a look at OSSEC with active response.
Comment Brute Force ssh attacks from Amazon (Score 3, Interesting) 89
"This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity"
I posted to my blog back in June that Amazon cloud nodes were compromised and performing brute force SSH scans against some of my hosts.
This story and my post merely highlight the obvious fact that most cloud services are just scalable hosting. Remember your instance / slice / vm can be compromised like any other web host.
Amazon Cloud Service Brute Force Attacks
I posted to my blog back in June that Amazon cloud nodes were compromised and performing brute force SSH scans against some of my hosts.
This story and my post merely highlight the obvious fact that most cloud services are just scalable hosting. Remember your instance / slice / vm can be compromised like any other web host.
Amazon Cloud Service Brute Force Attacks
Comment Autowhaler = crowd sourcing? (Score 1) 137
Since the tool is not run locally you can only assume that all the submitted url's are going into someone's database.
That someone is going to collect a lot of hacked accounts very quickly.
Hackers vs Phishers vs Hosted Hacked account collection Service?
That someone is going to collect a lot of hacked accounts very quickly.
Hackers vs Phishers vs Hosted Hacked account collection Service?
Comment It is significantly faster (Score 1, Informative) 73
I have just added the latest version to HackerTarget.com.
Across the board I am seeing significant speed improvements over 4.85.
Congratulations to the developers this looks like another quality release. I am looking forward to testing some of the new features to determine what additional capabilities can be added to our online scanning.
* Full disclosure - I run HackerTarget.com *
Across the board I am seeing significant speed improvements over 4.85.
Congratulations to the developers this looks like another quality release. I am looking forward to testing some of the new features to determine what additional capabilities can be added to our online scanning.
* Full disclosure - I run HackerTarget.com *
Nmap 5.00 Released, With Many Improvements 73
iago-vL writes "The long-awaited Nmap Security Scanner version 5.00 was just released (download)! This marks the most important release since 1997, and is a huge step in Nmap's evolution from a simple port scanner to an all-around security and networking tool suite. Significant performance improvements were made, and dozens of scripts were added. For example, Nmap can now log into Windows and perform local checks (PDF), including Conficker detection. New tools included in 5.00 are Ncat, a modern reimplementation of Netcat (with IPv6, SSL, NAT traversal, port redirection, and more!), and Ndiff, for quickly comparing scan results. Other tools are in the works for future releases, but we're still waiting for them to add email and ftp clients so we can finally get off Emacs!"
Slashdot Top Deals
Wasn't there something about a PASCAL programmer knowing the value of everything and the Wirth of nothing?
