FEPY

“An Ohio computer hacker who
served as a digital button man for a shady internet hosting company
faces prison time after admitting he carried out one of a series of
crippling denial-of-service attacks ordered by a wealthy businessman
against his competitors.
In a deal with prosecutors, Richard “Krashed” Roby, 20, pleaded guilty
in federal court in Toledo last month to intentionally damaging a
protected computer, after launching a 2003 attack on an online
satellite TV retailer that caused at least $120,000 in losses.”

Wired News: Hackers Admit to Wave of Attacks

• No Related Post

“LONDON (Reuters) - Luckily, the
exploding Smedley’s English Red Plums in Heavy Syrup were intercepted
in Turkey before anyone got killed.
But what of the hand grenade disguised as a chocolate bar? Or the
incendiary Vichy pastille sweets?
A secret file from the archives of Britain’s spy services released this
week shows ingenious methods, conjured up by Germans during World War
Two, for disguising bombs.
Britain’s Security Service began opening its records this year under
the country’s new Freedom of Information Act.
Among the files declassified by the National Archive was a treasure
trove of nifty exploding gadgets, labeled “Camouflages for sabotage
equipment used by the German sabotage services.”
The drawing of the design for the chocolate bar grenade says it is made
from steel coated with real chocolate, and activated by breaking off a
bit at one end. It doesn’t say whether the grenade was ever actually
manufactured or used.
The file also includes photos of the incendiary pastille sweets, and
bombs hidden in anything from oil cans and food tins to a lump of coal.”

Oddly Enough News Article | Reuters.com

• No Related Post

From the Authors:
Express 3.0 is our latest version of the long running and successful
SmoothWall Express firewall. This is an alpha release, code name
“grizzly”. This means that although this build is working and useable,
it is not feature-complete. It also has a couple of known problems (see
below). Needless to say, there are probably unknown problems as well.
The major new feature is that it is based on Linux 2.6.
The main reason for releasing a feature-incomplete alpha
smoothie is because we are very interested in how 2.6 performs and to
make sure we have a stable base before adding a few more features.

This page will be updated as and when alphas and betas are released.

Implemented New Features

• Based upon the latest (at least at the time of building) 2.6 kernel.
• Brand new even prettier theme. The polar bear is back!
• Includes many new NIC drivers that are in 2.6.
• Brand new update system - updates are downloaded directly onto the smoothie itself instead of going via the desktop browser.
• NTP service for the local network.
• Extension “home-brew” system.
• Local hosts list that can be served through the DNS proxy.
• Replacement traffic stats page.
• SIP NAT support (experimental!)
• Many internal changes to make the code more organised and easier to work with.
• Jazzed up control page.
• Easier to use log viewers with “Smooooth” pagination.

Planned New Features
Post alpha, we plan to add the following features, at a minimum:

• Support for an additional interface for wireless and other applications.
• Settings upgrade from Express 2.0.
• Other things that come along!

Express 3.0 - SmoothWall

• No Related Post

“Nessus is a great tool designed to automate the testing and discovery
of known security problems. Typically someone, a hacker group, a
security company, or a researcher discovers a specific way to violate
the security of a software product. The discovery may be accidental or
through directed research; the vulnerability, in various levels of
detail, is then released to the security community. Nessus is designed
to help identify and solve these known problems, before a hacker takes
advantage of them. Nessus is a great tool with lots of capabilities.
However it is fairly complex and few articles exist to direct the new
user through the intricacies of how to install and use it. Thus, this
article shall endeavor to cover the basics of Nessus setup and
configuration. The features of the current versions of Nessus (Nessus
2.0.8a and NessusWX 1.4.4) will be discussed. Future articles will
cover Nessus in more depth.
Nessus is a public domain program released under the GPL. Historically,
many in the corporate world have ridiculed such public domain software
as being a waste of time, instead choosing “supported” products
developed by established companies. Typically these packages cost
hundreds or thousands of dollars, and are often purchased using the
logic that you get what you pay for. Some people are starting to
realize that public domain software, such as Nessus, isn’t always
inferior and sometimes it is actually superior. Paid technical support
for Nessus is even available from www.tenablesecurity.com. Nessus also
has a great community of developers anchored by the primary author,
Renaud Deraison. When allowed to fairly compete in reviews against
other vulnerability scanners, Nessus has equaled or outshined products
costing thousands of dollars. [ref: Information Security, Network
Computing]
One of the very powerful features of Nessus is its client server
technology. Servers can be placed at various strategic points on a
network allowing tests to be conducted from various points of view. A
central client or multiple distributed clients can control all the
servers. The server portion will run on most any flavor of Unix. It
even runs on MAC OS X and IBM/AIX, but Linux tends to make the
installation simpler. These features provide a great deal of
flexibility for the penetration tester. Clients are available for both
Windows and Unix. The Nessus server performs the actual testing while
the client provides configuration and reporting functionality.”

Introduction to Nessus

• No Related Post

“Honeypots are a new and
emerging technology for the security community. Many security
professionals are just now beginning to understand what honeypots are,
their different types, how they work, and their value. As with many new
technologies, not only are the professionals attempting to learn about
them but so is the legal community. As honeypots and their concepts
have grown more popular, people have begun to ask what legal issues
could apply. The purpose of this paper is to address the most commonly
asked issues. The concepts covered here will be focusing on US
statutes, not international, mainly because I’m only familiar with US
law. However, these concepts most likely also play some role in the
international community. Also, this paper assumes you are familiar with
the definition of a honeypot. If you are new to honeypots, I recommend
you first read the paper Honeypots: Definitions and Values.
Before we begin, I would like to start off by saying that this paper is
based on my opinions. I am in no way an authority on legal issues
(heck, I’m a history major who blew things up with M1A1 Main Battle
Tanks). However, I feel I have a relatively good feel of honeypots and
have worked extensively with several members of the legal community on
honeypot legal issues. Before I go any further, I would also like to
thank both Jennifer Grannick, Director of Stanford Center for Internet
and Society, and Richard Salgado of the CCIPS Department of Justice,
for their help in writing this paper.”

Honeypots: Are They Illegal?

• No Related Post

“Introduction
Threats to wireless local area networks (WLANs) are numerous and
potentially devastating. Security issues ranging from misconfigured
wireless access points (WAPs) to session hijacking to Denial of Service
(DoS) can plague a WLAN. Wireless networks are not only susceptible to
TCP/IP-based attacks native to wired networks, they are also subject to
a wide array of 802.11-specific threats. To aid in the defense and
detection of these potential threats, WLANs should employ a security
solution that includes an intrusion detection system (IDS). Even
organizations without a WLAN are at risk of wireless threats and should
consider an IDS solution. This paper will describe the need for
wireless intrusion detection, provide an explanation of wireless
intrusion detection systems, and identify the benefits and drawbacks of
a wireless intrusion detection solution.”

Wireless Intrusion Detection Systems

• No Related Post

“Wireless technologies have
spread quickly in recent years and are now widely deployed in corporate
environments as well as at home. The human dependency on those
technologies has increased to the point where one can find wireless
devices almost everywhere, from network devices to laptops, cameras,
and so on.
Though these devices support standard security options and protocols
useful to thwart common attacks (ciphering, authentication, etc), many
kinds of attacks are still possible but are dependant on the real level
of security present and the skill of the attacker.
Sometimes, even in companies, blackhat people find open networks with
poor or no security in place. Then they can deeply penetrate such easy
targets to steal information or bounce anonymously elsewhere over the
Internet. These threats come through the external physical barriers
(from a parking lot, walking down the street, through windows) or
inside your own environment (via zealous network seekers with PDAs or
laptops, wireless cards and scanning software).
This paper will introduce honeypots as a countermeasure for wireless
environments (more specifically, WiFi-related technologies). So, let’s
prepare to feed greedy blackhat people with waves of honey to defeat
our happy attackers.”
Read the rest here: Wireless Honeypot Trickery

• No Related Post

“LOS ANGELES (Reuters) - An
angry San Diego topless dancer pulled out a knife and stabbed a
customer after he refused a lap dance, police said on Thursday.
Lawanda Dixon, 24, was arrested for assault with a deadly weapon
shortly after the altercation with 33-year-old Melik Jordan at the
Dream Girls Cabaret early on Wednesday, San Diego police Det. Gary
Hassen said.
“He was in the club with some friends watching the shows when she came
up and asked if he wanted a lap dance,” Hassen said. “He said no, she
got upset about it, they argued back and forth. She pulled knife out of
her bag and stabbed him.”
Dixon was taken into custody and police found methamphetamine in a
small metal container in Dixon’s bag, Hassen said, adding that she may
face drug charges. Officers also confiscated a small folding knife.
Jordan was treated for his injuries and released by a local hospital.”

Oddly Enough News Article | Reuters.com

• No Related Post

“NEW YORK - For more than a
year, Apple and Motorola’s plans to release an iTunes-enabled phone
have tantalized the music and mobile phone businesses. Now, with the
two companies set to unveil the long-rumored handset Sept. 7, they
might be underdelivering.
A person who has seen a version of the phone says it was designed to
accommodate just 25 songs, which would be “sideloaded” from a user’s
computer using iTunes. The phone was equipped with a 128-megabyte
Sandisk TransFlash memory card–just one-quarter the capacity of
Apple’s (nasdaq: AAPL - news - people ) smallest iPod, the 512-megabyte
shuffle, which holds about 120 songs.
While it should be possible to swap out the memory card on the new
iTunes phone for one with more capacity, the person who has seen the
handset says the phone’s software appears to artificially cap song
storage at 25 songs, regardless of how much memory the phone has.”

With 25-Song Cap, ITunes Phone May Underwhelm - Forbes.com

• No Related Post

“Rumour has it the official
release date has already been decided for Windows Vista - and you can
expect it to be ready in time to make an appearance late next year.
According to a report by Windows IT Pro, the official date for a full
Vista release will be 7 December 2006, with the second beta of the
product being released to testers late this year.
The report, which claims to be based on “very recent internal Microsoft
documentation”, said the first release candidate of the operating
system, RC0, will appear on 19 April next year, with the second release
candidate due on 28 June 2006.”

Vista release date: 7 December 2006? - Operating Systems - Breaking Business and Technology News at silicon.com

• No Related Post