December 2005


from: CSP Online Magazine

Let me introduce you to the six dumbest ideas in computer security. What are they? They’re the anti-good ideas. They’re the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying “trying to ignore reality.” Frequently those misguided attempts are sincere efforts by well-meaning people or companies who just don’t fully understand the situation, but other times it’s just a bunch of savvy entrepreneurs with a well-marketed piece of junk they’re selling to make a fast buck. In either case, these dumb ideas are the fundamental reason(s) why all that money you spend on information security is going to be wasted, unless you somehow manage to avoid them.

BIOS: The Quality Tech Guide

KeyPhantom has announced the release of its hardware USB keylogger device. Looking like a regular USB extension cable, the device records up to 2 million USB keystrokes in the flash memory contained inside the device.

from: ibm.com

Construct and package a Linux® LiveCD so that it will install using the standard Microsoft® Windows® install process and will operate as a standard Windows screensaver. Answering the most common concern about open source software, this article shows that, yes, Linux will run under Windows.

from InformationWeek

A new worm posing as a come-on to a Santa Claus site is traveling across all the major instant messaging networks, a security firm warned Tuesday, and when recipients visit the bogus site, they’re infected with a file hidden from sight by a rootkit.

IMlogic said that the worm, dubbed “M.GiftCom.All,” is circulating on the MSN, AOL, ICQ, and Yahoo instant messaging services, is a “Medium” threat, a relatively rare classification for the Waltham, Mass.-based company. Most IM worms and Trojans listed on its Threat Center receive only a “Low” classification.

Like virtually all IM worms, M.GiftCom.All includes a URL in messages it spams out to contacts hijacked from previously-infected PCs. When users naively visit that site — which is billed as a harmless Santa site — a file is automatically downloaded to their computers.

The file, usually named “gift.com,” includes rootkit elements that cloak it from security software. In addition, the downloaded executable tries to disable a number of anti-virus programs, adds a keylogger to the system to capture confidential information, and then spreads to others by snatching names from the user’s IM client contact list.

IMlogic’s alert can be read in full here.

from Runtimeware.com

Advanced File Integrity Checker
Audits your system folder (as well as up to 20 other folders) for the slightest file changes and/or additions. If any files fail the integrity check, your anti-virus/trojan program will be notified.

Registry Watcher
The RegWatch portion of Sentinel will warn your anti-virus program of programs that are trying to start up using the Registry (Sentinel covers all the bases here - even the “not known” startup methods by popular trojan horse viruses such as Sub7 and the newer Beagle worm).

Secure Shut Down
Shut Down your computer with confidence that no viruses or trojans will attempt to corrupt your system. This feature will automatically perform an Integrity Check and a Registry audit - all files that have been changed or modified will be scanned by your anti-virus scanner.

Automatic Logging
Logs every file that Sentinel sends over to your anti-virus scanner; every log can be re-scanned with ease

from informit.com

In part 1 of this series, we looked at the internals of WPA as compared to WEP, and saw how this wireless protection method can be cracked with only four packets of data. With a solid understanding of how keys are created, transmitted, validated, and then used to set up the encryption between two wireless devices, we’re ready to investigate how WPA can be cracked.

from MSNBC.com

Animal control officers from Pelican Man’s Bird Sanctuary came to get the owl, and said they smelled a strange odor on it when they did.

“Curiously enough, the owl’s feathers smelled very, very potently like marijuana,” said Jeff Dering, of the sanctuary. “They examined the owl, looked at its eyes … and the owl was, in the vernacular, stoned.”

Not tech, but incredibly funny… Make sure to click on the “images” link in the main article.

from MSN Real Estate

Rising prices for heating oil and natural gas could mean big bills this winter. Here are some things you can do to cut your costs.

Grab that free, low-hanging fruit
First, the freebies. These strategies may sound simplistic, but they work well:

* Turn down the thermostat. “The rule of thumb is that you can save about 3% on your heating bill for every degree that you set back your thermostat” full-time, says Bill Prindle, deputy director for the nonprofit American Council for an Energy-Efficient Economy (ACEEE). Turn down the thermostat 10 degrees when you go to work, and again when you go to bed — a total of 16 hours a day — and you can save about 14% on your heating bill, says Prindle.

* Use fans wisely. In just one hour, a hard-working bathroom or kitchen fan can expel a houseful of warm air, according to the Department of Energy. Turn them off as soon as they’ve done their job.

* Keep the fireplace damper closed. Heat rises, and an open damper is like a hole in the roof. Also, limit use of the fireplace, since fires actually suck heat from a room, says Harvey Sachs, director of ACEEE’s buildings program. Close off seldom-used rooms. And shut the vents inside.

* Turn down the water heater. Lowering the temperature of water in the water heater to 115-120 degrees reduces power use often without a noticeable difference to the user, says Prindle.

* Keep heating vents clear. Vents blocked by rugs and furniture prevent heated air from circulating efficiently.

* Use curtains. Opening curtains and shades on south-facing windows during the day allows solar radiation to warm a living space; closing all curtains at night helps retard the escape of that heat.

Web sites on the topic abound, but one of the best is run by the Department of Energy.

:) Happy Holidays from everyone at I-Hacked. Go ahead, pimpit.

from oreillynet.com/

Google free proxy!

Access restricted web sites using Google language tools service as a proxy.


Contributed by:
bigthistle

[12/20/05]

A little tutorial found on the Italian site www.manuali.net inspired me for this hack. That tutorial suggests translating a webpage, using Google translator, to access it even if restricted.

It worked fine but something else was needed… why translate?!

Ok, let’s start from the beginning. We all know that Google is more than a search engine; we do use it as a provider for email, mapping, news and many other services. Google is now also a free proxy service.
A proxy is a device that stands between a PC and the internet, providing all the connections to the world wide web. What a proxy does is receive all data from a requested site, so when you access web pages all data comes from the proxy.

What’s the purpose of Google as a proxy? We often use office/school/university connections; usually those services are set to provide more safety, blocking access to undesired web sites (the “black list”).

What you can do now is use Google translator service (language tools) as a proxy to bypass the restrictions set for our connection!

You just need to type the following URL:


http://www.google.com/translate?langpair=en|en&u=www.forbiddensite.com


(www.forbiddensite.com stands for the URL you need to go to…)

What you’ll get is the translation (English to English!) of the page you want to see… your connection is directed to a google.com page so this page won’t be blocked (it would be blocked only with google.com on the black list), no matter what the content is.

Notice that the URL has been a little hacked because the parameter “langpair” is set to “en|en” (English/English) so the page is processed by Google but you can keep the original language of the page (no need to translate!).
If you need another language (e.g. French) you just need to set the parameter langpair to “fr|fr” and you’ll be able to read French pages in French!

A couple of examples:

English…
http://www.google.com/translate?langpair=en|en&u=hacks.oreilly.com

Italian (my own homepage!)…
http://www.google.com/translate?langpair=it|it&u=www.bigthistle.altervista.org

Last but not least: if you use this trick, you can’t be sure your privacy is protected; this kind of connection lets you see blacklisted pages but doesn’t hide your IP address. Just go to http://www.google.com/translate?langpair=en|en&u=www.whatismyip.com to see that your IP is not hidden…
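From the filtering side, the hack above works because the blacklist sees only google.com while the real destination travels in the u parameter. The following is an added example, not part of the original hack or of any product's code: a check a web filter or log review could apply to translate URLs of the form shown above. The blocklist, the sample URLs and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical blocklist and request URLs, constructed for this example.
BLOCKLIST = {"forbiddensite.com"}
SAMPLE_URLS = [
    "http://www.google.com/translate?langpair=en|en&u=www.forbiddensite.com",
    "http://www.google.com/translate?langpair=fr|fr&u=http://forbiddensite.com/a/b",
    "http://www.google.com/translate?langpair=en|it&u=hacks.oreilly.com",
    "http://www.google.com/search?q=translate",
]

def embedded_host(url):
    """Return the host carried in u= of a Google translate URL, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not (host == "google.com" or host.endswith(".google.com")):
        return None
    if not parts.path.startswith("/translate"):
        return None
    target = parse_qs(parts.query).get("u", [""])[0].strip()
    if not target:
        return None
    if "://" not in target:          # the hack passes bare hostnames too
        target = "http://" + target
    inner = urlsplit(target).hostname
    return inner.lower() if inner else None

def is_blocked(host, blocklist=BLOCKLIST):
    """Match the host or any parent domain against the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def classify(url):
    """Return (verdict, embedded_host); verdict is block, flag or allow."""
    host = embedded_host(url)
    if host is None:
        return ("allow", None)       # not a translate request
    if is_blocked(host):
        return ("block", host)       # blacklisted site reached via translate
    pair = parse_qs(urlsplit(url).query).get("langpair", [""])[0]
    src, _, dst = pair.partition("|")
    if src and src == dst:
        return ("flag", host)        # same-language pair: used as a proxy
    return ("allow", host)

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(classify(u), u)
```

A same-language langpair is only flagged, not blocked, since the embedded host decides whether policy is violated.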
