Thursday, August 31, 2006

Anonymous No More

In early August, officials at America Online released information about searches being conducted by AOL members and users of the AOL search tool. This historical data was released onto the Internet by several AOL officials, to demonstrate how useful such data could be for tracking patterns, uses and interests of AOL members. The data was anonymized, with members being assigned random ID numbers instead of user IDs or names, and was only online for a few days. The New York Times demonstrated, however, how easy it was to take that anonymized data, and with a few keystrokes, determine the identity of the searcher, and their personal interests, likes and dislikes – indeed to create a profile of users from this anonymized data. The persons responsible for the "data breach" at AOL were fired – more for a public relations problem than anything else. The case demonstrates how any database, once collected, can be misused, and the significant lack of legal protection for similar information.

Read the article HERE.

A wireless hacking computer that can't be hacked

If you think seeing a dozen wireless networks makes your computer the ultimate scanning box, think again. A small security firm has made a portable computer that is capable of scanning 300 networks simultaneously. Dubbed the Janus Project, the computer also has a unique Instant Off switch that renders the captured data inaccessible.

The computer is the brain-child of Kyle Williams from the Janus Wireless Security Research Group in Portland, Oregon. We first spotted Williams sitting quietly and sipping Mountain Dew at the recently held Defcon security convention at the Riviera Casino in Las Vegas, Nevada. While it appeared as if Williams wasn't very busy, the bright yellow Janus computer in front of him was scanning and capturing data from hundreds of wireless networks in range.

Read the article HERE.

Ultimate Power Users Tool List for Windows

Scott Hanselman's 2006 Ultimate Developer and Power Users Tool List for Windows. Everyone collects utilities, and most folks have a list of a few that they feel are indispensable. Here's mine. Each has a distinct purpose, and I probably touch each at least a few times a week. For me, util means utilitarian and it means don't clutter my tray. If it saves me time, and seamlessly integrates with my life, it's the bomb. Many/most are free, some aren't. Those that aren't free are very likely worth your 30-day trial, and perhaps your money.

View the list HERE.

Wednesday, August 30, 2006

10 Reasons Security Products Don't Work

If there's one thing security users and vendors agree on, it's that there's no silver bullet for preventing an attack. No combination of security tools, and certainly no single product, can guarantee the safety of your network and data.

But customers and vendors see things very differently when it comes to why security tools can't do it all out of the box. IT managers say security tools are very reliable in protecting their sensitive data and often make more work for them with false alarms, security holes, complexity, and lousy support from the vendors. Security vendors blame user frustration on misconceptions and false expectations on just what these tools can do in the age of ever-more sophisticated hackers and increasingly profitable cybercrime, as well as how organizations deploy and maintain their products (or not).

Read the article HERE.

Sun Acknowledges Security Hole

I have always dreaded security updates from Sun Microsystems to fix problems in their Java software. For one thing, the updates typically are huge and time consuming, the instructions for downloading and installing the fixes labyrinthine, and when all is said and done you may still have older, vulnerable versions of the software scattered around the insides of your computer.

Last week, Sun issued another update to its J2SE Runtime Environment (JRE), but the advisory came with a caveat: Even if you apply the latest patch, your machine may still be vulnerable to attacks if you never bother to uninstall or remove older versions of the software.

Read the article HERE.

Vista Security

Vista, not improving security?

Longtime reader and correspondent Phil Daley, a developer for a software vendor, dropped me a line saying he's three weeks into a four-week project to evaluate one of his company's products on Windows Vista. The goal is to identify any problems and recommend changes and fixes.

Daley tells me his company has a dozen install issues, but they're somebody else's problem. On the other hand, he has just found one command (out of 140) that crashes in Vista but not in XP.

Of course Microsoft is overengineering security in Vista. It has been beaten up so badly over the hundreds of security issues in the existing versions of Windows that it had no choice; it had to build Vista like a hardened nuclear bunker with blast-proof doors surrounded by fences with really picky guards checking your credentials.

Read the article HERE.

Microsoft Makes Security Blunder with Vista

There will always be people who just think it's cool to run the next version of "Product X" before everyone else. They feel like they're an insider, part of a clique and see themselves as being able to help shape the destiny of that product. Fine, as long as you realize the fire you're playing with. If you've nothing to lose, then why not? But if you're concerned about what you've got on the box or what might attack it, then you've really got to ask yourself if that "coolness" is really worth it.

Read the article HERE.

Microsoft bets big on Vista security

Microsoft's Vista developers can't catch a break these days. After years of warnings from security researchers that old code in Windows was creating security risks, the software giant decided to rewrite key parts of the operating system.

The result? Last month, Symantec published a report suggesting all of this new code will introduce new security problems.

Read the article HERE.

Lock In Key Security

Noah Nordrum isn't proud of what he's become. He is now, officially, a cracker. Could it really be that easy? He changed the date to 2010, saved the file, and started up the program.

Read the article HERE.

Tuesday, August 29, 2006

Interesting Forensics Tool

Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk.

Read the article HERE.

AOL 9.0 Slapped with 'Badware' Label

The high-powered coalition has slapped a "badware" label on the free version of the AOL 9.0 software program.

The group, which is funded by Google, Lenovo Group and Sun Microsystems, accused AOL of installing additional software without telling the user; adding components to the browser and taskbar without disclosure; automatically updating software without user consent; and making the AOL 9.0 software difficult to fully uninstall.

"We currently recommend that users do not install the version of AOL software that we tested," according to a report released Aug. 28 by

Read the article HERE.

Microsoft's Windows Media DRM 10 Cracked

A user called "viodentia" has posted links on the message boards to a program called FairUse4WM that is capable of cracking Microsoft's DRM 10, which protects files offered by PlaysForSure-compatible music stores. The program is an easy-to-use front end to an app called drmdbg that strips DRM headers from "secure" WMA files. Although he apparently developed the program to allow people to play their legally purchased music on the device of their choice, the potential for abuse is fairly high.

Read the article HERE.

Are you a phisher? Looking for free hosting?

Tripod offers free web pages to anyone. So you would think that they would try to avoid getting phishing sites hosted on their servers.

You know, doing the easy stuff. Like preventing people from creating new hosts with names like "pay-pal-redirect"? Or perhaps every now and then scanning user-created content to find obvious copies of eBay or PayPal login pages?

But apparently they aren't doing this. With a few trivial searches you can find several PayPal phishing sites on Tripod:

Read the article HERE.

Outlook Passwords

This article was originally meant to tell you about a funny password collision in Outlook's PST files. Later on, it was expanded to demonstrate that, despite the drawbacks, the program's advantages far exceed those of its closest competitors, and to tell you about techniques used for storing personal data. Besides, it is very convenient to follow the development of the cryptography idea using Outlook as an example. It can be generally projected to the development of the entire line of Windows operating systems as a whole.

Read the article HERE.

Monday, August 28, 2006

Make your password safe on the Internet

Most Internet users often use the same password at many sites. A phishing attack on one site will expose their passwords at many other sites.

Seeking to stem the proliferation of phishing scams, researchers at Stanford University have developed a simple plan to prevent a stolen password from being used to access an authentic site.

Read the article HERE.

If you would like to use this utility it is available for download.

Visit the website HERE.

Questions arise on PC World tests

A sweeping review of 10 security suites published in a major computer magazine last month featured some very unlikely rankings for this crucial category of products. After examining the evidence, I've found that some material facts were omitted from the article, rendering its ratings useless.

The cover of the July 2006 PC World Magazine promised a review of security suites that would give readers "total protection against spyware, hackers & spam." Inside the magazine, a lengthy article summarized extensive test results by, a respected antivirus research group based in Magdeburg, Germany.

The magazine's product rankings, however, seemed inexplicable.

Read the article HERE.

Cheat Sheet Updates

Mozilla Thunderbird Cheat Sheet

Leslie Franke, creator of the Firefox cheat sheet, has now created a similar reference for Thunderbird.

Read it in HTML or PDF format.

Unix Cheat Sheet

Learn UNIX in 10 minutes. Version 1.2
NO - you won't learn Unix in 10 minutes, but a great reference source.

Available HERE.

Internet Explorer 7 Quick Reference Sheet

Learn all the new shortcuts HERE.

Sunday, August 27, 2006

Windows Live Toolbar Phishing Filter

Microsoft's Phishing Filter is proving to be quite a success, thanks not only to all of the IE7 and MSN/Windows Live Toolbar users who are actively reporting phishing sites, but also thanks to data sharing between MS and third party data sources.

Recently MS have been adding up to 17,000 URLs a month to its Phishing Filter service. This figure is sure to continue to grow as more people use IE7 and MS adds new data provider partners.

From February to Mid Aug 2006 the Phishing Filter helped block over 800,000 instances of people trying to access reported phishing websites using IE7 or MSN/Windows Live Toolbar. This figure includes almost 500,000 blocks since IE7 Beta 2 was released.

Read the article HERE.

Java Plugin Security Issue

A security issue has been reported in Sun Java Plugin and Sun Java Web Start, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused by an error that allows applets and applications to run with a version of the JRE that it is not specified to run with (e.g. that does not have the latest security fixes).

Read the alert HERE.

Weekend Reads

Search Engine Hacking

Much like MSN hacking, and the ever popular Google hacking, Yahoo! as well exposes really cool data in the same way that MSN and Google do. Now that all three major search engines provide the same interesting data, information security people need to be aware of what is stored in the Yahoo! URL database as well. The process of using search engines for targeting and profiling vulnerabilities within search engines is common across all the big three.

Read the article HERE.

WiFi Is Not A Simple Replacement For Ethernet

If you have a network of computers, and tire of running Ethernet cables, I'm sure you've thought of replacing the Ethernet cables with WiFi. But WiFi cannot replace Ethernet. The total bandwidth of a WiFi LAN is limited. You have to protect your LAN from your neighbors. And noise, both analogue and digital, will further reduce your bandwidth.

Read the article HERE.

'Hacker-In-A-Box' Tests Attack Scenarios

Few "ethical" hackers can provide simulated attacks with the level of sophistication that Cenzic offers in its Hailstorm "hacker-in-a-box" penetration tester.

Hailstorm's unique non-signature based technology interprets results during realtime attacks without comparing results with signature-based databases. The tool's interpreting engine eliminates false positives by providing generic solutions to attacks.

What's more, Hailstorm doesn't focus on any specific vendor's technology, since it uses generic scripts to attack different kinds of applications. Santa Clara, Calif.-based Cenzic provides all the source code for its attacks so that anyone can copy them and create their own scenarios.

Read the article HERE.

How to set up WPA2 on your wireless network

If you are like most people, your home or small office wireless router probably is running without any encryption whatsoever, and you are a sitting duck for someone to easily view your network traffic. Some of you have put encryption on your wireless networks but aren't using the best wireless security methods. This means that you are running your networks with inferior protocols that offer a false sense of protection because these protocols are very easily broken into. It is the difference between using a deadbolt and a simple lock on your front door.

Read the article HERE.

Online spy plan raises fears over privacy

Powerful, intrusive new technology is about to be used to spy on New Zealanders online. The software, developed to hunt movie pirates, can track internet searches in what an international privacy watchdog says is an alarming intrusion. It can trace Google searches and other download attempts back to the computer they came from.

Read the article HERE.

Saturday, August 26, 2006

The Consumer Reports testing scandal

Over the past two weeks, Consumer Reports has been slammed by the bulk of professional researchers in the security community for testing antivirus programs using 5,500 “fake” viruses.

In addition to antivirus programs, Consumer Reports tested antispyware applications. And they have now confirmed that they did not test against any spyware for their antispyware testing. (Feel free to read that sentence again.)

Instead, their entire test of antispyware applications was based on running applications against Spycar, a set of applications written by Intelguardians that mimic spyware behavior — directly against the explicit instructions of the Spycar developers.

Read the article HERE.

New websites and software releases

New free IM utility

iGo Incognito is a new Instant Messaging (IM) system that ensures your privacy and security. iGo Incognito is the only IM system providing end-to-end encryption using a combination of Public Key Encryption and the Advanced Encryption Standard.

Visit the website HERE.

Freenigma - email encryption done right

During the last two days I had a chance to test drive Freenigma, the recently released email encryption service for webmail users. What I like most about Freenigma is its “Johnny can encrypt” approach. For the average Johnny, cryptography is insanely complex, while Freenigma makes a point of hiding this complexity under a very simple user interface.

Read the article HERE.


EverPrivate is a new free Web based privacy tool. Cover your tracks from any PC, anywhere, anytime, without installing software.

Visit the website HERE.

Spamhole allows you to create a temporary email address. For the number of hours that you choose, all email to that address is automatically forwarded to your regular email address. After time is up, any new mail that comes to your spamhole address is automatically deleted. This way, you never have to give your email address out when you sign up for stuff on the internet. You can create a spamhole address, sign up for stuff on the internet, and not have to worry about your mailbox becoming a target for spammers.

Click HERE to get started.

USBDumper Poses New Endpoint Security Threat

A new security application has popped up that when installed on your computer will copy files from any USB flash drive installed to it silently in the background. I don’t think you need to think too deeply on the security threat this can pose.

This application doesn’t just copy the files from a USB drive, but actually makes an image of the USB drive. This becomes a larger problem, as someone with malicious intent can use undeletion tools to recover files that were deleted from the drive.

Now in addition to dealing with data theft we have to start being careful where we stick our drives. Encrypting your USB drives is becoming more and more important as these internal hacking techniques become more and more predominant.

Source : Network Endpoint Security News

Dealing With Adware And Spyware

If early viruses like BubbleBoy and LoveBug make you pine for simpler times, then you are probably waging war against this millennium's far more tenacious foe: The stubborn crop of spyware that now infests three out of four PCs. From pesky adware like BonziBuddy to malicious malware like Trojan-Downloader-Zlob, spyware is literally choking corporate desktops and networks. Responsible for one out of four help desk calls and half of the PC crashes reported to Microsoft, spyware is draining IT resources and business productivity.

Worse, spyware is now morphing from nuisance to nightmare. Those seeking financial gain through spyware have evolved from tracking cookies and intrusive pop-up ads to more selective and insidious methods. For example, drive-by downloads are installing exploit code onto PCs that merely visit websites, without user interaction. Phishing trojans are monitoring browser activity, waiting to capture identities and credentials during on-line banking transactions. Keyloggers are harvesting sensitive data from victims, violating privacy laws and industry regulations.

Read the article HERE.

Friday, August 25, 2006

How secure are you?

New approach to antivirus security

"I fix people's computer problems for a living," says Jason Bradley, CEO of CCE Computer Solutions in Oxford, Miss., who estimates he handles about 400 computers. "For the last year, the scanning antivirus programs have been just about useless. They just can't keep up with the threats. I had a machine that had 132 pieces of malware on it and it had antivirus and antispyware running."

Read the article HERE.

Why home firewall software is a leaky dike

The configuration of a personal firewall is usually more than most users can handle anyway. To understand the system's warning, the user must understand the meaning of IP addresses, host and client names as well as ports, the BSI reports.

Read the article HERE.

Why SiteKey Can't Save You

SiteKey shows web banking customers a “secret image” – a little icon of a mandolin or a coffee mug or something else – that only the customer and the bank are supposed to know. Customers of SiteKey-using banks are told that if their correct secret image appears on a purported bank web page, they can be sure that they are connected to the bank’s real web site, and can safely enter passwords and other secrets. Nobody could guess a person’s secret icon chosen from a pool of hundreds of images, right?

Read the article HERE.

Fugitive nabbed after Skype call

The fugitive former CEO may have been convinced that using Skype made him safe from tracking, but he — and everyone else that believes VoIP is inherently more secure than a landline — was wrong. Tracking anonymous peer-to-peer VoIP traffic over the Internet is possible [PDF]. In fact, it can be done even if the parties have taken some steps to disguise the traffic.

If nothing else, this reinforces the message that despite appearances, nothing we do on the Internet is truly anonymous.

Read the article HERE.

Mozilla Firefox News

Mozilla Firefox Exploit

There is a vulnerability in Mozilla Firefox that can result in a DoS condition.

Read the alert HERE.

Vista and Firefox

Mozilla has accepted Microsoft's offer of help towards ensuring interoperability between Firefox and the upcoming Vista operating system.

Read the article HERE.

Microsoft Re-Releases Internet Explorer Patch

Microsoft yesterday re-released a patch it originally issued earlier this month to plug security holes in its Internet Explorer Web browser.

Read more HERE.

Thursday, August 24, 2006

Sophos Releases Rootkit Removal Tool

Anti-virus vendor Sophos has released a free rootkit detection and removal tool alongside a warning that the stealthy malware threat is a legitimate security concern for businesses. Sophos said its rootkit cleaner offers an easy-to-use interface to scan all running processes, local hard drives and the Windows registry for rootkits.

Read the article HERE.

Java Plugin Security Issue

A security issue has been reported in Sun Java Plugin and Sun Java Web Start, which can be exploited by malicious people to bypass certain security restrictions.

Read the alert HERE.

IE PassView v1.00

IE PassView is a small utility that reveals the passwords stored by the Internet Explorer browser. It supports the new Beta version of Internet Explorer 7.0, as well as older versions of Internet Explorer, v4.0 - v6.0.

Take a look HERE.

Microsoft Office Security - Part One

The flood of recent Microsoft Office vulnerabilities has brought forth the need to understand the mechanics of the MS Office security architecture and the possible fault injection points. This article discusses Microsoft Office's OLE Structured Storage and the nature of recent dropper programs and other exploit agents, in an effort to scrutinize the workings of some of the recent MS Office exploits. The second part of this article then collates some forensic investigation avenues through different MS Office features. Parts of the article sample different MS Office vulnerabilities to discuss their nature and the method of exploitation.

Read the article HERE.

How Safe Are Sponsored Search Links

Earlier this year McAfee sponsored a rather interesting survey of search engine safety. Safety, that is, from the ‘how safe are the links they deliver and you click’ angle. Now, for the longest time, I have harbored a passing suspicion that the dodgiest links you can follow from any search engine are those that fall into the paid for placement category. You know, those links that appear at the top of the results heap no matter what; those that always fill the contextual advertising sidebars; those that try to tempt you away from the real search algorithm deduced deal.

Read the article HERE.

Wednesday, August 23, 2006

What is Active Virus Shield?

Active Virus Shield is free anti-virus for your PC that combines traditional antivirus programs, stopping them before they can infect your computer. Active Virus Shield is based on Kaspersky Lab’s award winning Personal Anti-Virus.

I mentioned in a recent post that I was curious to know how Active Virus Shield (powered by Kaspersky) would perform by allowing it to scan a computer that has known risks and infections. After running the scan with Active Virus Shield, I decided to test the other 3 freeware antivirus products - AVG, AntiVir and Avast!.

AVG, AntiVir and Avast are widely used programs so the arrival on the scene of Active Virus Shield is somewhat interesting because it is a service now being offered at no charge by AOL.

View the [ surprising ] test results HERE.

Active Virus Shield : Description and download [14.08Mb] HERE.
An email address is required to download the programme.

You will be sent an activation code for the software.
I advise against installing the Tool Bar.

There have been some privacy issues with this software.
AOL has announced that it will be revising the EULA.

You will need to uninstall AVG, AntiVir or Avast before installing Active Virus Shield.

Yahoo adds phishing shield

Yahoo is testing a new security feature that lets users customize their login page, a measure designed to thwart information thieving phishing scams.

The feature requires people to create a unique "sign-in seal" on a specific PC. This seal - a text message or photo - will be displayed on the Yahoo login page when visited with that computer, according to a description of the feature on Yahoo's Web site.

Read the article HERE.

Look At All Of These Passwords!

If you use any number of popular web forums or even some commercial services like,, or your provider’s webmail service, you may not be aware that you’re sending your credentials over the Internet in the clear.

Ever wonder why so many hosted websites and mail servers get mysteriously ‘hacked’ so easily? Hey, it’s simple when you send the username, password AND the domain that the user is administering in the clear!

Read the article HERE.

Tuesday, August 22, 2006

Anti-keylogger for Internet Explorer

Amid the recent slew of news of identity thieves worming into our computers with spyware and malware to copy our keystrokes to steal our vital information, here comes some bright news for users of Microsoft Internet Explorer: A browser plugin named KeyScrambler.

The new anti-keylogging tool takes only a minute to download. It is an invaluable addition to the IE users’ computing security for it protects all login pages, not just one or two sites, and it does so by encrypting (or “scrambling”) the user’s keystrokes at the kernel driver level, before keyloggers can record them.

Because traditional anti-spyware and anti-virus programs typically depend on having a known signature of a keylogger before they can detect and remove it, the traditional ways of combating keyloggers are ineffective in that they often work after the keyloggers have already stolen the users’ information. KeyScrambler employs a radically different method that works against known and unknown keyloggers. By encrypting the keystrokes at the kernel driver level and decrypting them within the browser itself, KeyScrambler gives keyloggers only indecipherable, encrypted keys to record.

The Personal edition is free for download at the company’s website HERE.

Search Engine Tool Gets You Lost In The Crowd

Web developers at Unspam Technologies Inc. have created a new tool that helps consumers protect their privacy by sending erroneous search data to AOL, Ask, Google, MSN, and Yahoo on their behalf.

Unspam CEO Matthew Prince said "Lost In The Crowd" took one week to build. The company built the tool in response to the recent AOL Inc. debacle, where thousands of subscribers found their search data had spilled onto the Internet.

Read the article HERE.

Virtual PCs the key to secure computing

For readers’ convenience, I’d like to summarise the long list of present best practices in client-system security implemented by all InfoWorld US readers.

Read the article HERE.

List of Recently Hacked Servers On the Internet

This site lists recently hacked servers on the Internet. All the information related to computer crimes (i.e. defacements) contained in Zone-H was either collected online from public sources or directly notified to us. Zone-H is neither responsible for the reported computer crimes nor is it directly or indirectly involved in them.

See the list HERE.

CleverSafe in NY Times

Reporter John Markoff covers the project's history and promise in the August 21, 2006 issue.

Read the story HERE.

CleverSafe is an open source community creating software for dispersed data storage.

Visit the website HERE.

Monday, August 21, 2006

Cool and Illegal Wireless Hacks

So, why write an article called “Cool and Illegal Wireless Hacks” that details how to perform hotspot hacks? Some would say it is irresponsible and enables those with ill intent to hack unsuspecting victims’ machines. It really depends which way you look at it. Would you rather be left in the dark on what types of attacks can occur, how they are performed and not know how to protect yourself against them? Doing so would not make the threats go away; in part, you would simply be denying that they exist. Surely, it is safer to be open and honest about the threats, understand how they can occur, then become educated on and implement the appropriate countermeasures. In large part, that is why my articles always detail not only how to perform the hacks, but really focus on how to protect against them. The purpose is not to teach people how to hack, but rather to educate on how to prevent systems from being exploited.

Read the article HERE.

Ethics and Virus Testing

How come discovering vulnerabilities and writing exploits is "research," but creating viruses for testing is a crime against humanity? The anti-virus community is abuzz in controversy over the tests performed recently by Consumer Reports on anti-virus products.

Read the article HERE.

Port Knocking 101 - The Basics

In computing, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specified port(s).

Read the article HERE.

AVG Anti-virus Free Edition [ or not ]

AVG Anti-Virus Free Edition now complains (as of a few days ago) if it detects you have more than 1 machine at home running AVG Free Edition. It then displays a popup message with a hyperlink to 'become legal'. Clicking the link brings you to AVG's website where you are offered the paid professional version to purchase. It welcomes you with what I took as a sarcastic "Welcome to the legal AVG community!".

Read the article HERE.

Sunday, August 20, 2006

Weekend Reads

How Municipal WiFi Works

In this article, you'll learn about the amazing things that these networks can do -- besides potentially providing free or cheap Internet access. You'll also learn about the technology behind them and why "Municipal WiFi" can be a misnomer.

Read the article HERE.

Top 25 Wireless Tips & Tricks

Learn how to set up an ad-hoc Wi-Fi net, share files and Internet connections wirelessly, toggle Wi-Fi on and off, and more. Both Windows XP and Mac OS X have powerful built-in support for Wi-Fi and Bluetooth.

Unleashing that power, to share files, internet connections, and more, is not always easy, however. And wireless terminology can sometimes seem impenetrable. Following are our top tips for unlocking the secrets of Wi-Fi.

Read the 5 page article HERE.

16 Security Scanners Unplugged

An analysis of how well 16 popular security products cope with the latest generation of security threats. As a first step towards clarification I decided earlier this year to carry out a series of tests on home computer security programs. The first of these, reported here, is on signature based security products, the most widely deployed of all home computer security programs.

This class of security product based products includes anti-virus, anti-trojan and anti-spyware scanners. The tests I conducted were quite unlike the traditional tests of such products that focus on the adequacy of their signature detection.

In contrast, I wasn't interested in signature detection but rather how well the products were equipped to handle the latest generation of security tests.

Read the reviews HERE.

Five Firewalls For Your Desktop PC

It's a dangerous world out there - but which firewall should you use? We rate the five top software firewalls and let you know which is the best.
Firewalls tested are:
McAfee Internet Security Suite
Microsoft Windows Firewall [ Don't laugh - read this ]
Symantec Norton Personal Firewall 2006
Trend Micro PC-cillin Internet Security 2006
ZoneAlarm Internet Security Suite 6.5

I am amazed by the selection criteria for some of these tests. It seems that only the firewalls of the big spending advertisers ever seem to make the list.

Read the reviews HERE.

A Nation Divided Over Piracy

Concerned about the reach of copyright and patent law, Falkvinge erected a web page with a sign-up form for a radical new pro-piracy party to compete in Sweden's parliamentary system. He didn't know if anyone would care, but the next day the national media picked it up, and two days later international media started calling.

The site was flooded with new members -- enough for the nascent movement to sail past the requirements for participation in the national election. Falkvinge now faced a decision: stay with his nice job and let the whole thing quietly sink, or quit and become a campaigning politician. He chose to become the leader of Sweden's newest and fastest-growing political party: Piratpartiet, or the Pirate Party.

Read the article HERE.

An interview with two 'granny hackers'

One of the best things that can happen at a show like Black Hat is making new friends, especially if they are not only brilliant, but also compliment you on your Linux T-shirt. That's how I met Terri Gilbert and Becky Bace, two of the most fascinating geek/security pros I've ever run across. I won't hazard a guess at their ages, but if you called them "granny hackers" they would probably not be offended.

Read the article HERE.

Friday, August 18, 2006

AOL 'Stalker' Website Unleashed

Remember our recent discussion on AOL releasing search data on its users? What if I told you that someone has not only put that data into a database, but has done some preliminary analysis on the data and released these statistics?

What if I told you that everything you search for on this site was tracked (oh the irony!), logged and released to the public as well?

Well, knock yourself out at AOL Stalker.

Read the article HERE.

Encryption does work

If you use encryption you won't be surprised by the fact that it works. I make no judgements on why you may use it - to secure your passwords or to secure your activities. It is a security device available to all.

U.K. police: Let us seize encryption keys

Because British law enforcement officers don't have the authority to seize encryption keys, an increasing number of criminals are able to evade justice, a senior police officer said.
Suspected terrorists, pedophiles and burglars have all walked free because encrypted data couldn't be opened, Detective Chief Inspector Matt Sarti of the Metropolitan Police said Monday during a public meeting in London.

"There are more than 200 PCs sitting in property cupboards which contain encrypted data, for which we have considerable evidence that they may contain data that relates to a serious crime," Sarti said. "Not one of those suspects has claimed that the files are business-related, and in many cases, the names of the files indicate that they are important to our investigations."

Read the article HERE.

IM Sniffer

Intercepts and decodes all instant message traffic sent/received by the computer (currently AOL Instant Messenger, ICQ, MSN and Yahoo but will support more in version 0.9). A high performance engine delivers real time message logging. Conversations can be viewed immediately or saved for later analysis. This program is intended for concerned parents/spouses as well as network administrators. Freeware.

Visit the homepage HERE.

Thursday, August 17, 2006

Spam Quiz

Are you spam savvy?
Can you tell which sites will respect your personal information?
Can you tell which ones might sell your e-mail address to spammers?
Can you spot the spammy Web sites?

Take the Spam Quiz and find out HERE.

Webroot releases spyware report

Spyware infection rates have risen to the highest levels since 2004 when the Internet security scourge was at its supposed peak, according to the latest State of Spyware report issued today by Webroot Software, the leading anti-spyware developer.

Read the report HERE.

Secure Surfing at the Coffee Shop

Tip of the Day for those of you that are interested.

Read the article HERE.

Wednesday, August 16, 2006

Your Life as an Open Book

Privacy advocates and search industry watchers have long warned that the vast and valuable stores of data collected by search engine companies could be vulnerable to thieves, rogue employees, mishaps or even government subpoenas.

Four major search companies were served with government subpoenas for their search data last year, and now once again, privacy advocates can say, “We told you so.”

AOL’s misstep last week in briefly posting some 19 million Internet search queries made by more than 600,000 of its unwitting customers has reminded many Americans that their private searches — for solutions to debt or bunions or loneliness — are not entirely their own.

Read the entire article HERE.

Ingredients for a Successful Hack

XSS, Cookies, and Session ID Authentication

Cross site scripting (XSS) errors are generally considered nothing more than a nuisance — most people do not realize the inherent danger these types of bugs create. In this article Seth Fogie looks at a real life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to "shell" access to the web server.

Read the article HERE.

Cross-Site Scripting Flaws Abound

Brian Krebs at Security Fix - to whom we link quite often - has dedicated quite a bit of "ink" lately to covering the dangers of cross-site scripting flaws -- programming errors commonly found on commercial Web sites that phishers and online scam artists can use to trick users into giving away personal and financial data. Last month, we pointed to several such flaws on Web sites built by financial institutions.

Read the entire article HERE.

Tuesday, August 15, 2006

Windows Mobile Security Software Fails the Test

Since developers are not in a hurry to keep their users information secure... we feel compelled to publish - with exclusivity granted to us by author till August 21, 2006 - an article, that reveals various problems with Windows Mobile software from various software vendors! This article is a "must read" for any serious user of Windows Mobile...

Read the full article HERE.

Anonymous Web Surfing

Welcome to the Dark Side

Today, the Swedish Pirate Party launched a new Internet service that lets anybody send and receive files and information over the Internet without fear of being monitored or logged. In technical terms, such a network is called a "darknet". The service allows people to use an untraceable address in the darknet, where they cannot be personally identified.

The service is provided by the Swedish high-tech company Relakks, which offers a neutral IP on top of your existing ISP service through a strongly encrypted VPN connection. Basically, this gives users the advantage of a Swedish IP address from anywhere in the world.

The cost of the service is 5 euros per month, and it is available now at Relakks.

Read the official press release HERE.


FoxyProxy is an advanced proxy management tool that completely replaces Firefox's proxy configuration. FoxyProxy is a Firefox extension that allows you to take back your privacy. Can't get to MySpace from school? Can't use instant messenger at work? Tired of the unreliability of open proxies and the slowness of Tor? FoxyProxy proxying is fast AND reliable.

For more information visit the Firefox website HERE.

For those of you who are unable to, or just do not want to configure the browser to use a proxy, you may use their web based proxy to surf.

Surf anonymously with FoxyProxy HERE.

Daily Proxy List

You are also able to protect your privacy by browsing through one of the many anonymous proxy sites listed.

Visit the website HERE.

Perspective: Why Internet security continues to fail

In his public farewell to the Internet security community three years ago, the famed security researcher known as Rain Forest Puppy opined that the Internet security community was allowing commercialism to trump common sense when it came to security thinking--a situation that he believed contributed to growing Internet insecurity.

Read the entire article HERE.

Monday, August 14, 2006

HuckABuck - exciting new search engine

HuckABuck is a new meta-search engine with the twist. It mingles results from Google, Yahoo, MSN, Technorati, Digg, and - and lets you adjust the priorities among those engines.

When you run a search at Huckabuck, you have the option to use their search tuner. It looks exactly like a graphics equalizer and works the same way. You also have the option of using the virtual keyboard to search using only your mouse. It works for me.

Visit the website HERE - then click the "search tuner" button.

Can you crack the code?

Can you crack the code?
Do you have code-breaking skills?

Want to show them off?
This is your chance!

Each week, a new code will be posted for you to solve. This code will consist of a phrase written in English, which has been encrypted by hand using several simple processes. No complex computer algorithms will ever be used in the encryption process, as the aim of this challenge is to be able to decrypt the message manually.

This week’s code is HERE.

Covert channel tool hides data in IPv6

An independent security researcher showed off an early version of a tool for creating covert channels that, he claims, can pass undetected through most firewalls and intrusion detection systems.

Read the article HERE.

Sunday, August 13, 2006

Yahoo! Mail service vulnerable to hacking

Exclusive : Simple security vulnerability allows hackers to gain control over email boxes by sending malicious code.

Yahoo : We are distributing a repair.

A test conducted by Nir Goldshlager and Roni Bahar from the Israeli security company Avnet shows hackers may gain access to Yahoo!Mail users' mailboxes by sending an email message with a malicious code.

Read the article HERE.

Weekend Reads

Hiding sensitive data in Windows metadata repository

It’s a week past DefCon, but there’s still one presentation that I wanted to post about. It was one of the late ones, where one feels tired and exhausted, but the content was worth sticking for. Irby Thompson and Mathew Monroe from Lockheed Martin came with exploit and data hiding techniques, that would allow a Windows user to instantly increase available storage. For free.

Read the article HERE.

cDc Release Automated Malware Analyzer

CULT OF THE DEAD COW (cDc), a prominent technology activist group, proudly announces a new application designed to collect, analyze, and ultimately help defeat malicious software (malware). Accessible via, the application gives programmers and end-users free access to a library of over 31,000 hostile software files, including viruses, rootkits, spybots, worms, etc. Users can upload an unknown or suspicious file into the library, request a match, and instantly obtain information on the malicious file, including an analysis of how it operates.

Read the original article HERE.

Blocking peer-to-peer applications

Peer-to-peer applications, also known as file-sharing applications, are a huge threat to security both in corporations and in the home. There are dozens of different types of file-sharing applications available, but most of them have some things in common. The basic premise is that they allow users to share a portion of their hard disk, and at the same time, they give users access to the shared hard drives of others who are running the software.

Although millions of people use peer-to-peer applications, don't for a moment think these apps are above suspicion. They pose some very serious threats to your organization's security. Here are some of those threats:

Read the entire article HERE.

Windows defense handcuffs good guys

A protective feature in Windows is locking out the good guys, but letting in a lot of bad guys, according to security software makers.

Microsoft designed PatchGuard to safeguard core parts of Windows, including Vista, against malicious code attacks. But some security companies say that the feature makes it harder for them to protect Windows PCs, as it locks them out of the kernel, the core of the operating system.

Read the entire article HERE.

Defcon 14 Wrapup

Security Fix is just now getting around to blogging about some of the other highlights from the Defcon hacker conference I attended this week in Las Vegas. I realized I never mentioned a Defcon talk from Friday given by Thomas X. Grasso, who's part of the FBI's National Cyber-Forensics and Training Alliance.

Perhaps the funniest and most engaging speaker I've heard from the likes of the FBI, Grasso gave a fantastic talk about what law enforcement really means when it says most cyber criminals running spam, spyware and virus attacks on the Internet today are really just organized crime groups whose turf is the Internet.

Read the article HERE.

Saturday, August 12, 2006

security 'insufficient'

Researchers at French Ministry of Defense say vulnerabilities with open source office suite may rival those of Microsoft's version. With Microsoft Corp.'s Office suite now being targeted by hackers, researchers at the French Ministry of Defense say users of the software may be at even greater risk from computer viruses.

"The general security of OpenOffice is insufficient," the researchers wrote in a paper entitled "In-depth analysis of the viral threats with documents". "This suite is up to now still vulnerable to many potential malware attacks," they wrote.

Read the entire article HERE.

Lost zpy.dll And In ZoneAlarm Hell?

Unfortunately at the moment ZoneAlarm’s firewall has an issue if you try to uninstall it from your computer’s control panel. When you go to reinstall you’ll become very aware you’re missing zpy.dll and the installer can’t connect to TrueVector. This is no direct attack on Grisoft who I’ve used for three years - software updates sometimes have bugs. The cure is easy enough and requires a couple of simple steps.

Read more HERE.

First anti-spyware for U3 launched

Canadian company ParetoLogic has become the first vendor to offer an anti-spyware tool for use from portable U3 USB drives.

Read the entire article HERE.

I infected or not?

The Windows Live Safety Team reports that some users are confused on how Live Safety detects an infection. The confusion seems to come from the scanner informing the user during the process of the scan that something has been detected. However, once the scan completes, the user is shown that nothing has been found on their system. So you’re asking, what’s the deal with that?

Read the official response HERE.

Friday, August 11, 2006

Windows Worm Warnings No Joke

As the spotlight on a dangerous Windows vulnerability grows brighter by the hour, security analysts Thursday said that it's not hype driving the alarms, but genuine fear that a major worm attack is just days away.

"This is no drill," said Mike Murray, director of research at vulnerability management vendor nCircle. "And no, this isn't an overreaction. We've always said that some day there would be another big, serious vulnerability.

Read more about the alert HERE.

Fake Name Generator

The False Identity Generator is a simple, web-based tool that generates a random first and last name, a valid city, state, and zip code with matching telephone number, and a few other identity details often required for online registrations.

Visit the website HERE.

Internet banking weaknesses - It’s all in the math!

The technology that has changed the security landscape is keylogging. A keylogger is a program or device that captures the keystrokes inputted by the user. But this kind of keylogger is the most basic. Combine a keylogger with a screen capture program that captures an image of the screen at the time that a password is being entered and you have something that's extremely difficult to counter using current technology.

Read the article HERE.

Virus Fact: You Need to Be Virus Free

For years I have been advising and informing business men and women that they really “should” keep on top of the virus scene if for no other reason than to save themselves the grief a subsequent virus infection can cause. Those days are way over. You no longer have any choice; you need to make sure if you are going to participate online that you do the simple basics necessary to keep your system and those you communicate with as risk-free as possible from infection.

Read the entire article HERE.

Thursday, August 10, 2006

Origin of Unwanted Internet Ads

More than half of the pop-up ads served by nuisance "adware" programs are placed knowingly by advertisers, according to a study released today by the Center for Democracy & Technology (CDT).

Although many ads purchased by major national companies pass through complex networks of affiliates before being displayed by nuisance adware distributors, 55 percent of the ads served by those distributors are placed directly by the companies being advertised, according to "Following the Money II: The Role of Intermediaries in Adware Advertising."

Read the article HERE.
A copy of the report is available HERE.

Google promises all searches stay private

Google CEO Eric Schmidt has a message for Google users: Your searches are safe.

AOL has been in hot water this week for inadvertently releasing customer searches for a research project. But Schmidt, speaking at an industry conference here, says Googlers have nothing to worry about.

Read the article HERE.

AntiVirus Software Vulnerabilities

PC Tools AntiVirus Insecure

Secunia Research has discovered a security issue in PC Tools AntiVirus, which can be exploited by malicious, local users to gain escalated privileges.

Read more about the alert HERE.

CA eTrust Antivirus WebScan Vulnerabilities

CA eTrust Antivirus WebScan contains multiple vulnerabilities that can allow remote attackers to gain privileged access or execute arbitrary code.

Read more about the alert HERE.

Defcon Speakers Team Up to Fight 'Queen Bots'

Imagine for a moment that our central defense against bank robbers was a technology that recognized criminals based largely upon their physical appearance. Now imagine that the bad guys had figured out a way to rapidly and automatically change not only their facial structure, but their height, weight, clothing and method of attack. The net result of those attacks would ultimately be more successful and profitable bank robberies, encouraging the bad guys to step up the frequency and brazenness of their attacks.

That is a rough analogy for describing the dirty little secret of the anti-virus industry today -- that the authors of computer worms and viruses designed to turn regular computers into spam-spewing and data-stealing zombies or "bots" are increasingly outpacing the security vendors, by automatically updating the genetic makeup of their creations before anti-virus companies have time to ship updates to their detection files. As a result, we have an industry whose business is predicated on 10 to 20 percent of its customers being successfully attacked before it can even begin to respond, according to some estimates.

Read the entire article HERE.


Researchers from the University of Pennsylvania School of Engineering and Applied Science warn against an entirely new threat to computer security: peripheral devices – such as keyboards, mice or microphones – which could be physically bugged in an attempt to steal data. Penn graduate student Gaurav Shah has identified a class of devices that could covertly transmit data across an existing network connection without the user's knowledge.

They are called JitterBugs, named by Shah's advisor, Penn Associate Professor Matthew Blaze, for both the way they transmit stolen data in "jittery" chunks by adding nearly imperceptible processing delays after a keystroke and for the "jitters" such a bug could inspire in anyone with secure data to safeguard.

Shah presented his findings Aug. 3 at the USENIX Security Conference in Vancouver, B.C., where it was designated the "Best Student Paper" by conference organizers. As proof of the concept, Shah and his colleagues built a functional keyboard JitterBug with little difficulty.

"This is spy stuff. Someone would need physical access to your keyboard to place a JitterBug device, but it could be quite easy to hide such a bug in plain sight among cables or even replace a keyboard with a bugged version," said Shah, a graduate student in Penn's Department of Computers and Information Science. "Although we do not have evidence that anyone has actually been using JitterBugs, our message is that if we were able to build one, so could other, less scrupulous people."

JitterBug devices are conceptually similar to keystroke loggers, such as the one famously used by the FBI to gather evidence against bookmaker Nicodemo Scarfo Jr. Unlike keystroke loggers, which would have to be physically installed into a subject's computer and then retrieved, a keyboard JitterBug only needs to be installed. The device itself sends the collected information through any interactive software application where there is a correlation between keyboard activity and network activity, such as instant messaging, SSH or remote desktop applications. The bug leaks the stolen data through short, virtually unnoticeable delays added every time the user presses a key.

Anytime the user surfs the web, sends an e-mail or instant messages someone, an implanted JitterBug could be timed to open a covert jitter channel to send stolen data. According to Shah, a JitterBug could not log and transmit every touch of the key due to limited storage space on the device, but it could be primed to record a keystroke with a particular trigger.

"For example, one could pre-program a JitterBug with the user name of the target as a trigger on the assumption that the following keystrokes would include the user's password," Shah said. "Triggers might also be more generic, perhaps programmed to detect certain typing patterns that indicate some sort of important information might follow."

JitterBugs are potentially worrisome to governments, universities or corporations with information meant to be kept confidential. One particular scenario is what Blaze refers to as a "Supply Chain Attack," in which the manufacture of computer peripherals could be compromised. Such an attack could, for example, result in a large number of such JitterBugged keyboards in the market. An attacker would only then need to wait until a target of interest acquires a bugged keyboard.

According to Shah, the channel through which the JitterBug transmits data is also the point where it could be most easily detected and countered.

While his presentation only discussed simple countermeasures to JitterBugs, Shah's initial results indicate that the use of cryptographic techniques to hide the use of encoded jitter channels might be a promising approach.

"We normally do not think of our keyboard and input devices as being something that needs be secured; however, our research shows that if people really wanted to secure a system, they would also need to make sure that these devices can be trusted," Shah said. "Unless they are particularly paranoid, however, the average person does not need to worry about spies breaking into their homes and installing JitterBugs."

Read the entire "Best Student Paper" HERE.

Source : University of Pennsylvania

Wednesday, August 09, 2006

Microsoft Fixes 23 Security Flaws

Microsoft Corp. today released free software updates to fix nearly two dozen security holes in its Windows operating system and Microsoft Office products. At least 17 of the 23 flaws could be exploited by attackers to hijack vulnerable systems or to install malicious code, the company warned.

Keep in mind that if you are using Office 2000 you will not be able to get those fixes through Microsoft Updates or through automatic updates. Office 2000 users will need to visit Microsoft's Office site and click on the "check for updates" link in the upper right corner of the screen.

Updates explained in detail HERE.

AntiSpyware Comparison Report

Some very surprising results.

See the report HERE.

Malicious Code / Phishing Alert

Websense Security Labs has received a sample of a new phishing Trojan that delivers stolen information back to the attacker via ICMP packets. Upon infection of a victim's computer, the Trojan will install itself as an Internet Explorer Browser Helper Object (BHO). The BHO then waits for the user to post personal information to a monitored website. As this information is entered by the user, it is captured by the BHO and sent back to the attacker.

Read the entire article HERE.

New Identity Theft And Online Fraud Techniques

Authors of computer viruses and threats (including phishing scams) are looking for direct financial profit from cybercrime. For this reason, they are using more innovative and diversified techniques to, above all, steal users’ identities or obtain bank details to commit fraud.

In the first half of 2006, PandaLabs registered a 50 percent increase in identity theft and online fraud related activity. What’s more, it detected new tricks that used phishing techniques but with different methods than those traditionally used.

Read the article HERE.

Tuesday, August 08, 2006

Don't take your guns to town

So there is this "Hack into a Mac wirelessly" attack that is making the news these days. Jon "Jonny Cache" Ellch and David Maynor showed a video at DEFCON demonstrating the attack. Many people opine that the reason for the video (rather than a live demonstration) is that Ellch/Maynor don't want to expose the details of the attack by having someone 'sniffing' in the room. I believe it's that they are afraid of being exposed as frauds because if they exposed the details, everyone would walk away in disgust, because it's a trivial, straight-forward "we have code running in both machines" style of attack. Jim Thompson thoroughly deconstructs the supposed ‘exploit’ video.

Read the entire article HERE.

Black Hat 2006: 'l33t' or 'Lame?'

In the most entertaining presentation that I have ever attended at a technical conference, the infamous hacker Johnny Long explained to a capacity Black Hat audience how Hollywood has accurately portrayed hacking.

Long, who looks like he belongs in a Hollywood film, is perhaps best known for his online encyclopedia of Google hacks and is the co-author of the book Google Hacking for Penetration Testers.

Read the article HERE.

Eyeballing : A Brief Hacker History

Some are good and some are bad, but each are persons who enjoy exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.

Visit the website HERE.

Monday, August 07, 2006

The Art of Defeating a Paypal Scammer

Are we doing something for the better good, or unwittingly participating in a DDOS attack?

Visit the website HERE.

DEFCON - The wall of sheep

The Wall of Sheep is a projector screen that displays captured usernames and passwords. The Wall, which originally was named as the Wall of Shame, is a time-honored tradition at Defcon where a loose knit group of people continuously sniffs the network for any plaintext usernames and passwords on the wired and wireless networks. Since this is a hacker convention, attendees using the Defcon network should protect their logins by using VPN, SSH or other encryption technology. Some attendees apparently didn't get the message.

Read the article HERE.

List of TCP and UDP port numbers

PORT NUMBERS [last updated 4 - August - 2006]

The port numbers are divided into three ranges:
Well Known Ports 0 through 1023
Registered Ports 1024 through 49151
Dynamic and/or Private Ports 49152 through 65535

More at Wikipedia, the free encyclopedia

IANA list of port assignments

Sunday, August 06, 2006

Weekend Reads

Hack Me!

Foundstone, the division at McAfee which develops vulnerability-assessment products, has posted free tools to help software developers improve security at their e-commerce sites. Specifically, Foundstone has come up with Web-based mock-ups of an online bank, a bookstore, a shipping site and a desktop travel application.

Experimenting with these so-called "Hacme" mock-ups - which all have some sort of vulnerability planted in them - can show developers where security problems often crop up. The videos walk a user step by step through each attack allowing them to not only read about them in the user guide, but also see the attacks in action. Bringing the attacks to life gives the viewer a new way to experience the user guide and the attacks presented therein.

XP's No-Reformat, Nondestructive Total-Rebuild Option

Fred Langa shows you how to completely rebuild, repair, or refresh an existing XP installation without losing data, and without having to reinstall user software, reformat, or otherwise destructively alter the setup.

To learn how visit the website HERE.

Performing Security Code Reviews

No one really likes reviewing source code for security vulnerabilities; it’s slow, tedious, and mind-numbingly boring. Yet, code review is a critical component of shipping secure software to customers. Neglecting it isn’t an option.

I get to review quite a bit of code—not as much as I used to, but enough to keep me busy helping teams at Microsoft. Sometimes people just want my take on small snippets of perhaps 100 lines of code, and other times I get hundreds of thousands of lines.

People often ask how I review code for security vulnerabilities when faced with a massive amount to review. At a very high level, my process is simple:

Read the article HERE.

Decode cloaked URL's

You see them everywhere -
And they do serve a purpose.
The above story link [Performing Security Code Reviews] has the following URL :

It has a length of 179 characters, but was able to be shortened into the following TinyURL which has a length of only 24 characters:

But aren't you sometimes wary of where you may end up by clicking one of these links? Now you can decode the "tiny.url" and allay those fears. Maybe.

To decode tiny URL's visit the website HERE.

How NERDY are You?

Have you been recently called a geek, a dork, a NERD? Do you want to be a nerd, geek, or dork? Well, this test is for you! This highly advanced 'test' will determine once and for all how nerdy you are. Upon completion, you will be given a score (out of 100) as to just how nerdy you are, plus a nifty little graphic and link that you can share with your friends (if you have any) so they can see how they measure up!

Do the test HERE.