Weekend Reading
U.K. to hear hacker's case against extradition to U.S.
Gary McKinnon, the ex-systems administrator accused of conducting the biggest military hack of all time, has won the right to have his case against extradition to the U.S. heard by the U.K. House of Lords
McKinnon, who is accused of causing $961,000 worth of damage to computers by hacking into systems belonging to the Pentagon, NASA and the U.S. military from his home in North London, could face a life sentence in jail with no chance of repatriation if he is extradited to the U.S.
Take a look HERE.
Have you ever noticed how the "estimated damage" for all these hacks borders on a seven-figure amount? I realise that the "expert consultants" analysing these hacks come at a cost of [approx] US$300/hour, but I still believe that the RIAA has set ridiculous precedents in asking for excessive sums of money.
Lithuania refuses extradition to US for cyber-crime suspect
A Lithuanian court said Tuesday that it had rejected a US extradition request for a suspected cyber-criminal accused of defrauding online stores. In a statement, the Baltic country’s appeals court said it had turned down the joint demand by US justice authorities and Lithuania’s chief prosecutor, on the grounds that Paulius Kalpokas’ alleged offences took place within Lithuania.
Take a look HERE.
Why a US trial?
If it's an international crime why not do a local charge and trial?
Oh yeah, I forgot, we all live in Bush's grand empire as slaves of America; excuse my momentary confusion.
Australia drops pants and bends over
Unlike Lithuania, our [present Australian] Government has never had any form of international backbone. Hew Raymond Griffiths, the leader of the warez group "Drink or Die", who had never even visited the US, became the first foreigner to be extradited to the US to face charges of copyright infringement. He had spent 3 years in an Australian prison fighting the extradition, but a court in Australia ruled against him earlier this year.
In terms of laws, are Australians vulnerable to lawsuits from MPAA / RIAA?
Normally, no. However, Howard done got us into a free trade agreement with the US, which basically means that if any Australian is infringing on US legislation with regards to anything related to corporate law, distribution of products and material (intellectual or tangible), etc. then US corporations can sue Australian citizens for infringing US law, as logical as that is.
So people in Sweden can thumb their noses at the RIAA and MPAA acting like the World Copyright police, enforcing the US Digital Millennium Copyright Act as if US law were global - but Howard forfeited Australians' protection from lawsuits from US corporations in exchange for... Erm... Whatever it was that was supposed to be the benefit of going into a free trade agreement with the US.
Lower tariffs? Oh, no... That's only US->AU.
Allowing Australian businesses to better expand into the US and compete on a fair level? Oh, no... That's only US->AU.
Really struggling to find a benefit here.
==================================================================
Internet Archaeology Article
[Published in 2600 - The Hacker Quarterly, Summer 2007]
The Internet Archive happens to house more than meets the eye. They don't only archive the text and images from days gone by - they also archive videos, archives, executables, and more, which are somewhat revealing. You just have to know how to look. This article tells you how to find these, so you can enjoy them!
Take a look HERE.
==================================================================
Blacklists - make the right choice
I have used real-time blacklists myself since a dozen or so years ago. I've worked for companies and managed servers that have been listed on blacklists more than once, unwarranted. I can't help but notice some huge changes between the granddaddy lists I did support and some of the current breed I'd stay away from. As with all things the most negative experiences will stand out, but there's a lesson to be learned in how to detect the "bad" blacklists and how to avoid them.
Take a look HERE.
==================================================================
Remote Password Guessing - Concerns, Observations, Recommendations
As an organization's IT security practices mature, it gets better at protecting its network perimeter systems: the patches get applied more regularly, the firewall rules become more restrictive, the OS gets locked down more rigorously. Even at such companies, authentication systems often lag behind. If the employees, partners, customers or vendors need to remotely access an application with a logon screen that requires a password, two things will often hold true:
Take a look HERE.
==================================================================
July Reports
When Trojans Go Phishing – 500,000 Users Already Infected
Finjan, a leader in secure web gateway products [has there ever been a report issued by a company that has not been by a "leader" in the field], today released a report detailing how new Crimeware (Crime Software) [wow - another scary ....WARE word] is being used to steal banking customer data from infected PCs. During July 2007, Finjan has identified 58 criminals using the MPack toolkit who have successfully infected over 500,000 unique users. The infection ratio stands at 16% from 3.1 million attempts – indicated by the web traffic volumes of the infecting sites.
Take a look HERE.
Drive-by downloads remain cybercriminals' favorite web threats
Sophos, a world leader in IT security and control, has revealed the most prevalent malware threats causing problems for computer users around the world during July 2007.
Take a look HERE.
==================================================================
Crypto is no magic bullet for data protection
Piling on unending layers of static security can be costly and burdensome, Art Coviello told an audience of federal administrators recently. Too much cryptography can be overkill.
This was a surprising statement coming from the president of the RSA Security division of EMC, a name almost synonymous with encryption. But Coviello wasn’t dissing encryption. He was continuing a message he has been delivering this year on the need for a holistic rather than product-based approach to security. The caveat against relying too heavily on encryption was a common theme at the symposium where he spoke.
Take a look HERE.
==================================================================
Raising the bar: dynamic JavaScript obfuscation
A couple of days ago one of our readers, Daniel Kluge, pointed us to a web page with some heavily obfuscated JavaScript code. The operation was typical and consisted of a compromised site that had an obfuscated iframe which pointed to the final web site serving various exploits.
The obfuscation of the iframe was relatively simple but the second stage was more heavily obfuscated with some things we’ve never seen before.
Take a look HERE.
==================================================================
A beginner's guide to BitTorrent - Lifehacker
Despite the fact that BitTorrent has been around for a good 6 years now, the lightning fast file sharing protocol hasn't completely taken off in the mainstream.
Most people reading this probably use it, but if not, here's a great little guide.
Take a look HERE.